# Flog Txt Version 1 # Analyzer Version: 2024.2.1 # Analyzer Build Date: Mar 23 2024 12:02:19 # Log Creation Date: 06.04.2024 09:36:25.898 Process: id = "1" image_name = "installer.exe" filename = "c:\\users\\oqxzraykm\\desktop\\installer.exe" page_root = "0x2a88b000" os_pid = "0x75c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0xa64" cmd_line = "\"C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe\" " cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 137 start_va = 0x10000 end_va = 0x83fff monitored = 1 entry_point = 0x73e7e region_type = mapped_file name = "installer.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe") Region: id = 138 start_va = 0x90000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 139 start_va = 0xb0000 end_va = 0xb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 140 start_va = 0xc0000 end_va = 0xdcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 141 start_va = 0xe0000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 142 start_va = 0x120000 end_va = 0x123fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 143 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000130000" filename = "" Region: id = 144 start_va = 0x140000 end_va = 0x141fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 145 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 146 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 147 start_va = 0x77d40000 end_va = 0x77ee1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 148 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 149 start_va = 0xfffb0000 end_va = 0xfffb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 150 start_va = 0xfffc0000 end_va = 0xfffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffc0000" filename = "" Region: id = 151 start_va = 0xffff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffff0000" filename = "" Region: id = 152 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 305 start_va = 0xfffa0000 end_va = 0xfffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa0000" filename = "" Region: id = 306 start_va = 0xfff70000 end_va = 0xfff90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff70000" filename = "" Region: id = 307 start_va = 0x500000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 308 start_va = 0x7fffcc7d0000 end_va = 0x7fffcc828fff monitored = 0 entry_point = 0x7fffcc7e8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 309 start_va = 0x7fffcba50000 end_va = 0x7fffcbad2fff monitored = 0 entry_point = 0x7fffcba5fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 310 start_va = 0x77d30000 end_va = 0x77d39fff monitored = 0 entry_point = 0x77d312e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 311 start_va = 0xfff60000 end_va = 0xfff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff60000" filename = "" Region: id = 312 start_va = 0xfff40000 end_va = 0xfff50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff40000" filename = "" Region: id = 313 start_va = 0x640000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 314 start_va = 0x70380000 end_va = 0x703d1fff monitored = 1 entry_point = 0x703af100 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 315 start_va = 0x75ce0000 end_va = 0x75dcffff monitored = 0 entry_point = 0x75cff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 316 start_va = 0x77580000 end_va = 0x77792fff monitored = 0 entry_point = 0x77694030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 317 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000090000" filename = "" Region: id = 318 start_va = 0xffe40000 end_va = 0xfff3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffe40000" filename = "" Region: id = 319 start_va = 0x150000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 320 start_va = 0x500000 end_va = 0x5c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 321 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 322 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 323 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 324 start_va = 0x75b80000 end_va = 0x75c1efff monitored = 0 entry_point = 0x75bb85c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 325 start_va = 0xa0000 end_va = 0xa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 326 start_va = 0xffa60000 end_va = 0xffe3cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 327 start_va = 0x75ff0000 end_va = 0x76068fff monitored = 0 entry_point = 0x76001a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 328 start_va = 0x77ad0000 end_va = 0x77b8efff monitored = 0 entry_point = 0x77b05ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 329 start_va = 0x150000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 330 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 331 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 332 start_va = 0x770000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 333 start_va = 0x76c20000 end_va = 0x76c94fff monitored = 0 entry_point = 0x76c3f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 334 start_va = 0x75c20000 end_va = 0x75cd9fff monitored = 0 entry_point = 0x75c5a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 335 start_va = 0x870000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 336 start_va = 0x702f0000 end_va = 0x7037cfff monitored = 1 entry_point = 0x70302870 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 337 start_va = 0x76bd0000 end_va = 0x76c14fff monitored = 0 entry_point = 0x76be7870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 338 start_va = 0x870000 end_va = 0x8defff monitored = 1 entry_point = 0x8d3e7e region_type = mapped_file name = "installer.exe" filename = "\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe") Region: id = 339 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 340 start_va = 0x758f0000 end_va = 0x758fefff monitored = 0 entry_point = 0x758f4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 341 start_va = 0x752b0000 end_va = 0x752b7fff monitored = 0 entry_point = 0x752b1800 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 342 start_va = 0x6fb40000 end_va = 0x702effff monitored = 1 entry_point = 0x6fb5d1d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 343 start_va = 0x769d0000 end_va = 0x76b63fff monitored = 0 entry_point = 0x76a09860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 344 start_va = 0x6fb20000 end_va = 0x6fb33fff monitored = 0 entry_point = 0x6fb2ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 345 start_va = 0x77ab0000 end_va = 0x77ac7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 346 start_va = 0x767c0000 end_va = 0x767e2fff monitored = 0 entry_point = 0x767c73c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 347 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 348 start_va = 0x940000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000940000" filename = "" Region: id = 349 start_va = 0x6fa70000 end_va = 0x6fb1afff monitored = 0 entry_point = 0x6fb05f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 350 start_va = 0x774a0000 end_va = 0x7757afff monitored = 0 entry_point = 0x774ffc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 351 start_va = 0x76740000 end_va = 0x767bafff monitored = 0 entry_point = 0x76757800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 352 start_va = 0x77380000 end_va = 0x7749ffff monitored = 0 entry_point = 0x773ab170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 353 start_va = 0xb0000 end_va = 0xb7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000b0000" filename = "" Region: id = 354 start_va = 0x5d0000 end_va = 0x5f2fff monitored = 0 entry_point = 0x5d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 355 start_va = 0xa40000 end_va = 0xc3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 356 start_va = 0x75ec0000 end_va = 0x75ee4fff monitored = 0 entry_point = 0x75ec4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 357 start_va = 0xc40000 end_va = 0xdc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 358 start_va = 0xdd0000 end_va = 0x21d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000dd0000" filename = "" Region: id = 359 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 360 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 361 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 362 start_va = 0x5d0000 end_va = 0x5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 363 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 364 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 365 start_va = 0x600000 end_va = 0x60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 366 start_va = 0x610000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000610000" filename = "" Region: id = 367 start_va = 0x620000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 368 start_va = 0x740000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 369 start_va = 0x750000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 370 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 371 start_va = 0x870000 end_va = 0x870fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 372 start_va = 0x21e0000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 373 start_va = 0x2360000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 374 start_va = 0x880000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 375 start_va = 0x21e0000 end_va = 0x22dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 376 start_va = 0x2350000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 377 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 378 start_va = 0x2560000 end_va = 0x455ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 379 start_va = 0x2360000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 380 start_va = 0x2550000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002550000" filename = "" Region: id = 381 start_va = 0x8c0000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 382 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 383 start_va = 0x4560000 end_va = 0x4897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 384 start_va = 0x6e660000 end_va = 0x6fa6dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll") Region: id = 385 start_va = 0x77290000 end_va = 0x77372fff monitored = 0 entry_point = 0x772bc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 386 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 387 start_va = 0x48a0000 end_va = 0x4939fff monitored = 0 entry_point = 0x48d5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 388 start_va = 0x77230000 end_va = 0x7728bfff monitored = 0 entry_point = 0x77260900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 389 start_va = 0x74e80000 end_va = 0x74ef3fff monitored = 0 entry_point = 0x74eb7550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 390 start_va = 0x48a0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 391 start_va = 0x900000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 392 start_va = 0x6dc00000 end_va = 0x6e656fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll") Region: id = 393 start_va = 0x6d3e0000 end_va = 0x6dbf7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll") Region: id = 394 start_va = 0x6cfc0000 end_va = 0x6d3dafff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "windowsbase.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\WindowsBase\\eec592cafd8ccf52872d1d23769d81a6\\WindowsBase.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\windowsbase\\eec592cafd8ccf52872d1d23769d81a6\\windowsbase.ni.dll") Region: id = 395 start_va = 0x72cf0000 end_va = 0x72d02fff monitored = 0 entry_point = 0x72cf5d30 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 396 start_va = 0x910000 end_va = 0x916fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 397 start_va = 0x716e0000 end_va = 0x7170efff monitored = 0 entry_point = 0x716ebb00 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 398 start_va = 0x76070000 end_va = 0x76088fff monitored = 0 entry_point = 0x760793e0 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 399 start_va = 0x73b90000 end_va = 0x73b99fff monitored = 0 entry_point = 0x73b92a60 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 400 start_va = 0x6c380000 end_va = 0x6cfbcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationcore.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\PresentationCore\\b0d978303701c987200711127e3107e5\\PresentationCore.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentationcore\\b0d978303701c987200711127e3107e5\\presentationcore.ni.dll") Region: id = 401 start_va = 0x6af90000 end_va = 0x6c373fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationframework.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatio5ae0f00f#\\b291ddc51cbbc19e0382aec3451822d2\\PresentationFramework.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatio5ae0f00f#\\b291ddc51cbbc19e0382aec3451822d2\\presentationframework.ni.dll") Region: id = 402 start_va = 0x6ad80000 end_va = 0x6af82fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xaml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xaml\\d6ea68da718706006115d7861d0f2687\\System.Xaml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xaml\\d6ea68da718706006115d7861d0f2687\\system.xaml.ni.dll") Region: id = 403 start_va = 0x725c0000 end_va = 0x727cbfff monitored = 0 entry_point = 0x72678fe0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 404 start_va = 0x6abf0000 end_va = 0x6ad7cfff monitored = 1 entry_point = 0x6ac09800 region_type = mapped_file name = "wpfgfx_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\wpfgfx_v0400.dll") Region: id = 405 start_va = 0x76ca0000 end_va = 0x76d3afff monitored = 0 entry_point = 0x76cd5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 406 start_va = 0x6ab80000 end_va = 0x6abeafff monitored = 0 entry_point = 0x6abba900 region_type = mapped_file name = "msvcp140_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcp140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcp140_clr0400.dll") Region: id = 407 start_va = 0x6aa90000 end_va = 0x6ab72fff monitored = 1 entry_point = 0x6aac68e0 region_type = mapped_file name = "presentationnative_v0400.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wpf\\presentationnative_v0400.dll") Region: id = 408 start_va = 0x6aa00000 end_va = 0x6aa88fff monitored = 1 entry_point = 0x6aa01130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 409 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 410 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 411 start_va = 0x6a8f0000 end_va = 0x6a9f4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll") Region: id = 412 start_va = 0x6a170000 end_va = 0x6a8e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll") Region: id = 413 start_va = 0x76090000 end_va = 0x76636fff monitored = 0 entry_point = 0x76209e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 414 start_va = 0x733d0000 end_va = 0x739d2fff monitored = 0 entry_point = 0x735aae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 415 start_va = 0x733a0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x733a8580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 416 start_va = 0x76640000 end_va = 0x766c6fff monitored = 0 entry_point = 0x76682d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 417 start_va = 0x22f0000 end_va = 0x22f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022f0000" filename = "" Region: id = 418 start_va = 0x72f20000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72f2a250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 419 start_va = 0x48a0000 end_va = 0x4901fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 420 start_va = 0x49b0000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 421 start_va = 0x75dd0000 end_va = 0x75ea1fff monitored = 0 entry_point = 0x75e1d9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 422 start_va = 0x2300000 end_va = 0x2300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 423 start_va = 0x49c0000 end_va = 0x4aa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000049c0000" filename = "" Region: id = 424 start_va = 0x2300000 end_va = 0x2303fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002300000" filename = "" Region: id = 425 start_va = 0x2310000 end_va = 0x2310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002310000" filename = "" Region: id = 426 start_va = 0x2320000 end_va = 0x2323fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002320000" filename = "" Region: id = 427 start_va = 0x2330000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 428 start_va = 0x75f50000 end_va = 0x75f55fff monitored = 0 entry_point = 0x75f514d0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 429 start_va = 0x739e0000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73a61b70 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 430 start_va = 0x75950000 end_va = 0x75b79fff monitored = 0 entry_point = 0x75b094e0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 431 start_va = 0x6a000000 end_va = 0x6a16ffff monitored = 0 entry_point = 0x6a081390 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 432 start_va = 0x69f60000 end_va = 0x69ff2fff monitored = 0 entry_point = 0x69f76ce0 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\SysWOW64\\mscms.dll" (normalized: "c:\\windows\\syswow64\\mscms.dll") Region: id = 433 start_va = 0x75280000 end_va = 0x752a4fff monitored = 0 entry_point = 0x75288820 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 434 start_va = 0x69f50000 end_va = 0x69f5bfff monitored = 0 entry_point = 0x69f55b60 region_type = mapped_file name = "coloradapterclient.dll" filename = "\\Windows\\SysWOW64\\coloradapterclient.dll" (normalized: "c:\\windows\\syswow64\\coloradapterclient.dll") Region: id = 435 start_va = 0x2500000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 436 start_va = 0x4910000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 437 start_va = 0x4950000 end_va = 0x498ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 438 start_va = 0x4ab0000 end_va = 0x4baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ab0000" filename = "" Region: id = 439 start_va = 0x69f10000 end_va = 0x69f4afff monitored = 0 entry_point = 0x69f1df10 region_type = mapped_file name = "windowscodecsext.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecsExt.dll" (normalized: "c:\\windows\\syswow64\\windowscodecsext.dll") Region: id = 440 start_va = 0x69ed0000 end_va = 0x69f0dfff monitored = 0 entry_point = 0x69ed9ae0 region_type = mapped_file name = "icm32.dll" filename = "\\Windows\\SysWOW64\\icm32.dll" (normalized: "c:\\windows\\syswow64\\icm32.dll") Region: id = 441 start_va = 0x4bb0000 end_va = 0x4caffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bb0000" filename = "" Region: id = 442 start_va = 0x69e40000 end_va = 0x69ecbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "presentationframework.aero2.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Presentatioaec034ca#\\47fce836fb35b4d7a6319dad226c54d1\\PresentationFramework.Aero2.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\presentatioaec034ca#\\47fce836fb35b4d7a6319dad226c54d1\\presentationframework.aero2.ni.dll") Region: id = 443 start_va = 0x4990000 end_va = 0x49a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004990000" filename = "" Region: id = 444 start_va = 0x69d60000 end_va = 0x69e38fff monitored = 0 entry_point = 0x69d6fe40 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 445 start_va = 0x69d30000 end_va = 0x69d5afff monitored = 0 entry_point = 0x69d33290 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 446 start_va = 0x69d10000 end_va = 0x69d20fff monitored = 0 entry_point = 0x69d137e0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 447 start_va = 0x766d0000 end_va = 0x76732fff monitored = 0 entry_point = 0x766d4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 448 start_va = 0x72e90000 end_va = 0x72ee1fff monitored = 0 entry_point = 0x72e99e70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 449 start_va = 0x4cb0000 end_va = 0x4deefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 450 start_va = 0x4910000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004910000" filename = "" Region: id = 451 start_va = 0x4df0000 end_va = 0x4eeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004df0000" filename = "" Region: id = 452 start_va = 0x4950000 end_va = 0x498ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 453 start_va = 0x4ef0000 end_va = 0x4feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ef0000" filename = "" Region: id = 454 start_va = 0x751b0000 end_va = 0x75272fff monitored = 0 entry_point = 0x751f8980 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 455 start_va = 0x72ef0000 end_va = 0x72f01fff monitored = 0 entry_point = 0x72ef4620 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 456 start_va = 0x72e50000 end_va = 0x72e81fff monitored = 0 entry_point = 0x72e5c340 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 457 start_va = 0x769c0000 end_va = 0x769c6fff monitored = 0 entry_point = 0x769c1d30 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 458 start_va = 0x69cf0000 end_va = 0x69d03fff monitored = 0 entry_point = 0x69cf2f20 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 459 start_va = 0x69cd0000 end_va = 0x69ce5fff monitored = 0 entry_point = 0x69cd42f0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 460 start_va = 0x4ff0000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 461 start_va = 0x5030000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005030000" filename = "" Region: id = 462 start_va = 0x5130000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 463 start_va = 0x5170000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 464 start_va = 0x5270000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 465 start_va = 0x52b0000 end_va = 0x53affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 466 start_va = 0x53b0000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053b0000" filename = "" Region: id = 467 start_va = 0x53f0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 468 start_va = 0x2340000 end_va = 0x2342fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 469 start_va = 0x2540000 end_va = 0x254afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 470 start_va = 0x2340000 end_va = 0x2342fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 471 start_va = 0x2540000 end_va = 0x254afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 472 start_va = 0x2340000 end_va = 0x2340fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 473 start_va = 0x2340000 end_va = 0x2340fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 474 start_va = 0x2340000 end_va = 0x2340fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 475 start_va = 0x71230000 end_va = 0x712bffff monitored = 0 entry_point = 0x71242f70 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 476 start_va = 0x72e40000 end_va = 0x72e47fff monitored = 0 entry_point = 0x72e42220 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 477 start_va = 0x71190000 end_va = 0x71197fff monitored = 0 entry_point = 0x71191960 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 478 start_va = 0x711d0000 end_va = 0x71227fff monitored = 0 entry_point = 0x711e91a0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 479 start_va = 0x2340000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 480 start_va = 0x70910000 end_va = 0x70919fff monitored = 0 entry_point = 0x70911820 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 481 start_va = 0x73c00000 end_va = 0x73c20fff monitored = 0 entry_point = 0x73c0ca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 482 start_va = 0x71110000 end_va = 0x71187fff monitored = 0 entry_point = 0x711342d0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 483 start_va = 0x71100000 end_va = 0x7110ffff monitored = 0 entry_point = 0x711031d0 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 484 start_va = 0x710d0000 end_va = 0x710f7fff monitored = 0 entry_point = 0x710e5950 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 485 start_va = 0x710a0000 end_va = 0x710c0fff monitored = 0 entry_point = 0x710a8730 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 486 start_va = 0x71080000 end_va = 0x7109efff monitored = 0 entry_point = 0x71089bf0 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 487 start_va = 0x77b90000 end_va = 0x77c8efff monitored = 0 entry_point = 0x77be54d0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 488 start_va = 0x71710000 end_va = 0x7171dfff monitored = 0 entry_point = 0x71715690 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 489 start_va = 0x54f0000 end_va = 0x552ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 490 start_va = 0x5530000 end_va = 0x562ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 491 start_va = 0x2540000 end_va = 0x2543fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 492 start_va = 0x5630000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005630000" filename = "" Region: id = 493 start_va = 0x5670000 end_va = 0x56affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 494 start_va = 0x56b0000 end_va = 0x56b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000056b0000" filename = "" Region: id = 495 start_va = 0x56b0000 end_va = 0x56effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 496 start_va = 0x56f0000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 497 start_va = 0x57f0000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 498 start_va = 0x5830000 end_va = 0x586ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005830000" filename = "" Region: id = 499 start_va = 0x69cc0000 end_va = 0x69ccefff monitored = 0 entry_point = 0x69cc2c70 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 500 start_va = 0x69c70000 end_va = 0x69cb6fff monitored = 0 entry_point = 0x69c88f50 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 501 start_va = 0x73bb0000 end_va = 0x73bf3fff monitored = 0 entry_point = 0x73bb6ed0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 502 start_va = 0x73ba0000 end_va = 0x73bacfff monitored = 0 entry_point = 0x73ba7560 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\SysWOW64\\umpdc.dll" (normalized: "c:\\windows\\syswow64\\umpdc.dll") Region: id = 503 start_va = 0x711a0000 end_va = 0x711c3fff monitored = 0 entry_point = 0x711a53d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 504 start_va = 0x5870000 end_va = 0x58affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005870000" filename = "" Region: id = 505 start_va = 0x58b0000 end_va = 0x59affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058b0000" filename = "" Region: id = 506 start_va = 0x59b0000 end_va = 0x5aaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059b0000" filename = "" Region: id = 507 start_va = 0x69ae0000 end_va = 0x69c6dfff monitored = 0 entry_point = 0x69b56420 region_type = mapped_file name = "d3d9.dll" filename = "\\Windows\\SysWOW64\\d3d9.dll" (normalized: "c:\\windows\\syswow64\\d3d9.dll") Region: id = 508 start_va = 0x70990000 end_va = 0x70f51fff monitored = 0 entry_point = 0x70e4a210 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 509 start_va = 0x5ab0000 end_va = 0x5ab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ab0000" filename = "" Region: id = 510 start_va = 0x5ac0000 end_va = 0x5fb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005ac0000" filename = "" Region: id = 511 start_va = 0x5fc0000 end_va = 0x721ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 512 start_va = 0x69a40000 end_va = 0x69ad4fff monitored = 0 entry_point = 0x69acfe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 513 start_va = 0x7220000 end_va = 0x7223fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007220000" filename = "" Region: id = 514 start_va = 0x7230000 end_va = 0x723ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007230000" filename = "" Region: id = 515 start_va = 0x7240000 end_va = 0x7240fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007240000" filename = "" Region: id = 516 start_va = 0x77c90000 end_va = 0x77d0dfff monitored = 0 entry_point = 0x77cfbd50 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 517 start_va = 0x57f0000 end_va = 0x57f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000057f0000" filename = "" Region: id = 518 start_va = 0x724b0000 end_va = 0x724e1fff monitored = 0 entry_point = 0x724be240 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 519 start_va = 0x722d0000 end_va = 0x724affff monitored = 0 entry_point = 0x7234a7a0 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 520 start_va = 0x72160000 end_va = 0x722c3fff monitored = 0 entry_point = 0x721ccc80 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 521 start_va = 0x724f0000 end_va = 0x725b1fff monitored = 0 entry_point = 0x725239f0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 522 start_va = 0x71fd0000 end_va = 0x7215efff monitored = 0 entry_point = 0x720533a0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 523 start_va = 0x7250000 end_va = 0x72cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007250000" filename = "" Region: id = 524 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 525 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 526 start_va = 0x72d0000 end_va = 0x76dafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000072d0000" filename = "" Region: id = 527 start_va = 0x5800000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 528 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 529 start_va = 0x5810000 end_va = 0x581ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005810000" filename = "" Region: id = 530 start_va = 0x5820000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005820000" filename = "" Region: id = 531 start_va = 0x76e0000 end_va = 0x7ae5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000076e0000" filename = "" Region: id = 532 start_va = 0x5830000 end_va = 0x5830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005830000" filename = "" Region: id = 533 start_va = 0x7af0000 end_va = 0x7b36fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000007af0000" filename = "" Region: id = 534 start_va = 0x69a30000 end_va = 0x69a3efff monitored = 0 entry_point = 0x69a342f0 region_type = mapped_file name = "resourcepolicyclient.dll" filename = "\\Windows\\SysWOW64\\ResourcePolicyClient.dll" (normalized: "c:\\windows\\syswow64\\resourcepolicyclient.dll") Region: id = 535 start_va = 0x5830000 end_va = 0x5830fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005830000" filename = "" Region: id = 536 start_va = 0x5840000 end_va = 0x5840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005840000" filename = "" Region: id = 537 start_va = 0x5850000 end_va = 0x5850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 538 start_va = 0x5860000 end_va = 0x5860fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005860000" filename = "" Region: id = 539 start_va = 0x7b40000 end_va = 0x9b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b40000" filename = "" Region: id = 540 start_va = 0x9b40000 end_va = 0x9b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b40000" filename = "" Region: id = 541 start_va = 0x9b80000 end_va = 0x9c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009b80000" filename = "" Region: id = 542 start_va = 0x70960000 end_va = 0x7098bfff monitored = 0 entry_point = 0x7097a570 region_type = mapped_file name = "dxcore.dll" filename = "\\Windows\\SysWOW64\\DXCore.dll" (normalized: "c:\\windows\\syswow64\\dxcore.dll") Region: id = 543 start_va = 0x777a0000 end_va = 0x777dafff monitored = 0 entry_point = 0x777ad450 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 544 start_va = 0x9c80000 end_va = 0x9c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 545 start_va = 0xffe30000 end_va = 0xffe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffe30000" filename = "" Region: id = 546 start_va = 0x9c80000 end_va = 0x9e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009c80000" filename = "" Region: id = 547 start_va = 0x9e80000 end_va = 0x9e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e80000" filename = "" Region: id = 548 start_va = 0x9e90000 end_va = 0x9e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e90000" filename = "" Region: id = 549 start_va = 0x9ea0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 550 start_va = 0x9eb0000 end_va = 0x9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 551 start_va = 0x9ec0000 end_va = 0x9ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ec0000" filename = "" Region: id = 552 start_va = 0x9ea0000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 553 start_va = 0x9eb0000 end_va = 0x9ebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 554 start_va = 0x9ea0000 end_va = 0x9f71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ea0000" filename = "" Region: id = 555 start_va = 0x9f80000 end_va = 0x9f9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009f80000" filename = "" Region: id = 556 start_va = 0x9fb0000 end_va = 0x9fb7fff monitored = 1 entry_point = 0x9fb370e region_type = mapped_file name = "presentationframework-systemxml.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\PresentationFramework-SystemXml\\v4.0_4.0.0.0__b77a5c561934e089\\PresentationFramework-SystemXml.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\presentationframework-systemxml\\v4.0_4.0.0.0__b77a5c561934e089\\presentationframework-systemxml.dll") Region: id = 557 start_va = 0x9fa0000 end_va = 0x9fa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009fa0000" filename = "" Region: id = 558 start_va = 0x70810000 end_va = 0x708c8fff monitored = 0 entry_point = 0x7084fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 559 start_va = 0x70590000 end_va = 0x7080dfff monitored = 0 entry_point = 0x705ee8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 560 start_va = 0x704f0000 end_va = 0x7058afff monitored = 0 entry_point = 0x70550d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 561 start_va = 0x704c0000 end_va = 0x704e8fff monitored = 0 entry_point = 0x704c7e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 562 start_va = 0x71ce0000 end_va = 0x71dbcfff monitored = 0 entry_point = 0x71d57530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 563 start_va = 0x9fc0000 end_va = 0x9fd5fff monitored = 0 entry_point = 0x9fd1c30 region_type = mapped_file name = "msctfui.dll" filename = "\\Windows\\SysWOW64\\msctfui.dll" (normalized: "c:\\windows\\syswow64\\msctfui.dll") Region: id = 564 start_va = 0x69a20000 end_va = 0x69a37fff monitored = 0 entry_point = 0x69a31c30 region_type = mapped_file name = "msctfui.dll" filename = "\\Windows\\SysWOW64\\msctfui.dll" (normalized: "c:\\windows\\syswow64\\msctfui.dll") Region: id = 565 start_va = 0x9fa0000 end_va = 0x9fa0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msctfui.dll.mui" filename = "\\Windows\\System32\\en-US\\msctfui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\msctfui.dll.mui") Region: id = 566 start_va = 0x9fc0000 end_va = 0x9fe7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009fc0000" filename = "" Region: id = 567 start_va = 0xa030000 end_va = 0xa067fff monitored = 1 entry_point = 0xa063c1a region_type = mapped_file name = "uiautomationtypes.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\UIAutomationTypes\\v4.0_4.0.0.0__31bf3856ad364e35\\UIAutomationTypes.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\uiautomationtypes\\v4.0_4.0.0.0__31bf3856ad364e35\\uiautomationtypes.dll") Region: id = 568 start_va = 0xa000000 end_va = 0xa00dfff monitored = 1 entry_point = 0xa00951e region_type = mapped_file name = "uiautomationprovider.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\UIAutomationProvider\\v4.0_4.0.0.0__31bf3856ad364e35\\UIAutomationProvider.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\uiautomationprovider\\v4.0_4.0.0.0__31bf3856ad364e35\\uiautomationprovider.dll") Region: id = 569 start_va = 0x9ff0000 end_va = 0x9ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009ff0000" filename = "" Region: id = 570 start_va = 0x697b0000 end_va = 0x69a1ffff monitored = 0 entry_point = 0x6984b210 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll") Region: id = 571 start_va = 0x71e80000 end_va = 0x71f41fff monitored = 0 entry_point = 0x71ee09b0 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 572 start_va = 0x9ff0000 end_va = 0x9ff0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000009ff0000" filename = "" Region: id = 573 start_va = 0xa010000 end_va = 0xa01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a010000" filename = "" Region: id = 574 start_va = 0xa010000 end_va = 0xa02afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a010000" filename = "" Region: id = 575 start_va = 0xa070000 end_va = 0xa073fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 576 start_va = 0xa080000 end_va = 0xa0c8fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 577 start_va = 0xa0d0000 end_va = 0xa0d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 578 start_va = 0xa0e0000 end_va = 0xa17bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 579 start_va = 0xa180000 end_va = 0xa18ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 580 start_va = 0xa190000 end_va = 0xa193fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 581 start_va = 0xa1a0000 end_va = 0xa1b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db") Region: id = 582 start_va = 0xa190000 end_va = 0xa190fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a190000" filename = "" Region: id = 583 start_va = 0x71e60000 end_va = 0x71e7afff monitored = 0 entry_point = 0x71e647c0 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 584 start_va = 0xa1c0000 end_va = 0xa1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1c0000" filename = "" Region: id = 585 start_va = 0xa200000 end_va = 0xa2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a200000" filename = "" Region: id = 586 start_va = 0xa300000 end_va = 0xa301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a300000" filename = "" Region: id = 587 start_va = 0xa310000 end_va = 0xa34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a310000" filename = "" Region: id = 588 start_va = 0xa350000 end_va = 0xa44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a350000" filename = "" Region: id = 589 start_va = 0x71dc0000 end_va = 0x71e52fff monitored = 0 entry_point = 0x71e3cac0 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\syswow64\\windows.staterepositoryps.dll") Region: id = 668 start_va = 0xa300000 end_va = 0xa300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a300000" filename = "" Region: id = 672 start_va = 0x71c70000 end_va = 0x71cdffff monitored = 0 entry_point = 0x71cc7c50 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\SysWOW64\\AppResolver.dll" (normalized: "c:\\windows\\syswow64\\appresolver.dll") Region: id = 673 start_va = 0x71c20000 end_va = 0x71c67fff monitored = 0 entry_point = 0x71c3ea70 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 674 start_va = 0x71c00000 end_va = 0x71c1efff monitored = 0 entry_point = 0x71c02200 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 675 start_va = 0x71be0000 end_va = 0x71bfbfff monitored = 0 entry_point = 0x71be7970 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 676 start_va = 0xa450000 end_va = 0xa453fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 677 start_va = 0xa460000 end_va = 0xa471fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db") Region: id = 678 start_va = 0xa480000 end_va = 0xa483fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 679 start_va = 0xa450000 end_va = 0xa450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a450000" filename = "" Region: id = 680 start_va = 0x71ba0000 end_va = 0x71bdcfff monitored = 0 entry_point = 0x71bd0280 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecorecommonproxystub.dll") Region: id = 1208 start_va = 0x71800000 end_va = 0x71b9cfff monitored = 0 entry_point = 0x71b179e0 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecoreuapcommonproxystub.dll") Region: id = 1209 start_va = 0xffa50000 end_va = 0xffe2cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1236 start_va = 0xa450000 end_va = 0xa48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a450000" filename = "" Region: id = 1237 start_va = 0xa490000 end_va = 0xa58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a490000" filename = "" Region: id = 1238 start_va = 0xa590000 end_va = 0xa593fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a590000" filename = "" Region: id = 1239 start_va = 0xa5a0000 end_va = 0xa5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a5a0000" filename = "" Thread: id = 1 os_tid = 0x29c [0174.412] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0174.719] RoInitialize () returned 0x1 [0174.720] RoUninitialize () returned 0x0 [0187.592] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x7e6dd0 [0187.611] _calloc_base (_Count=0x1, _Size=0x8) returned 0x7e5cf0 [0187.613] RtlInitializeSListHead (in: ListHead=0x7e5cf0 | out: ListHead=0x7e5cf0) [0187.633] malloc (_Size=0x1) returned 0x7e5c70 [0187.645] SetProcessDPIAware () returned 1 [0187.649] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x4fe260, nSize=0x104 | out: lpBuffer="") returned 0x0 [0187.655] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe23c | out: phkResult=0x4fe23c*=0x2e8) returned 0x0 [0187.657] RegQueryValueExW (in: hKey=0x2e8, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fe238, lpData=0x4fe494, lpcbData=0x4fe234*=0x208 | out: lpType=0x4fe238*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x4fe234*=0x5e) returned 0x0 [0187.659] RegCloseKey (hKey=0x2e8) returned 0x0 [0187.674] PathAppendW (in: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", pMore="WPF" | out: pszPath="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF") returned 1 [0187.675] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0187.676] GetProcAddress (hModule=0x75ce0000, lpProcName="AddDllDirectory") returned 0x7772d7c0 [0187.677] LoadLibraryExW (lpLibFileName="dwrite.dll", hFile=0x0, dwFlags=0x800) returned 0x725c0000 [0187.693] GetProcAddress (hModule=0x725c0000, lpProcName="DWriteCreateFactory") returned 0x72660700 [0187.695] PathCombineW (in: pszDest=0x4fe268, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="wpfgfx_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll" [0187.696] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\wpfgfx_v0400.dll") returned 0x6abf0000 [0187.900] PathCombineW (in: pszDest=0x4fe268, pszDir="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF", pszFile="PresentationNative_v0400.dll" | out: pszDest="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll" [0187.901] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6aa90000 [0188.373] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Tracing\\WPF", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fde80 | out: phkResult=0x4fde80*=0x0) returned 0x2 [0188.377] IsDebuggerPresent () returned 0 [0188.766] EtwEventRegister (in: ProviderId=0x257a278, EnableCallback=0x22e05ce, CallbackContext=0x0, RegHandle=0x257a254 | out: RegHandle=0x257a254) returned 0x0 [0188.771] EtwEventSetInformation (RegHandle=0x7df8d0, InformationClass=0x48, EventInformation=0x2, InformationLength=0x257a20c) returned 0x0 [0188.795] EnumerateTraceGuidsEx () returned 0x0 [0188.796] GetCurrentProcessId () returned 0x75c [0188.818] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Winevt\\Publishers\\{6a7dfda1-a101-5a70-eade-2ecfec4034d8}", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe8e4 | out: phkResult=0x4fe8e4*=0x0) returned 0x2 [0188.955] GetCurrentProcessId () returned 0x75c [0188.971] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fece0 | out: phkResult=0x4fece0*=0x324) returned 0x0 [0188.972] RegQueryValueExW (in: hKey=0x324, lpValueName="Release", lpReserved=0x0, lpType=0x4fed00, lpData=0x0, lpcbData=0x4fecfc*=0x0 | out: lpType=0x4fed00*=0x4, lpData=0x0, lpcbData=0x4fecfc*=0x4) returned 0x0 [0188.972] RegQueryValueExW (in: hKey=0x324, lpValueName="Release", lpReserved=0x0, lpType=0x4fed00, lpData=0x4fecec, lpcbData=0x4fecfc*=0x4 | out: lpType=0x4fed00*=0x4, lpData=0x4fecec*=0x80ff4, lpcbData=0x4fecfc*=0x4) returned 0x0 [0189.383] RegisterClipboardFormatW (lpszFormat="DispatcherProcessQueue") returned 0xc150 [0189.410] RegisterClipboardFormatW (lpszFormat="HwndWrapper.GetGCMemMessage") returned 0xc1e4 [0189.412] RegisterClipboardFormatW (lpszFormat="HwndSubclass.DetachMessage") returned 0xc1a1 [0189.413] GetModuleHandleW (lpModuleName="user32.dll") returned 0x769d0000 [0189.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x4fec34, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x0bmiû¹}\x84þ´oPîO", lpUsedDefaultChar=0x0) returned 14 [0189.415] GetProcAddress (hModule=0x769d0000, lpProcName="DefWindowProcW") returned 0x75bb4410 [0189.550] GetStockObject (i=5) returned 0x900015 [0189.550] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0189.552] CoCreateGuid (in: pguid=0x4ff3b4 | out: pguid=0x4ff3b4*(Data1=0x35993f57, Data2=0x2a92, Data3=0x4da7, Data4=([0]=0x85, [1]=0x61, [2]=0xd4, [3]=0x29, [4]=0xd7, [5]=0x6a, [6]=0x5c, [7]=0x3a))) returned 0x0 [0189.559] CoTaskMemAlloc (cb=0x2) returned 0x7e5a00 [0189.559] CoTaskMemAlloc (cb=0x82) returned 0x7ddc90 [0189.559] RegisterClassExW (param_1=0x4ff32c) returned 0xc1e6 [0189.561] CoTaskMemFree (pv=0x7e5a00) [0189.561] CoTaskMemFree (pv=0x7ddc90) [0189.562] CreateWindowExW (dwExStyle=0x0, lpClassName="HwndWrapper[Installer.exe;;35993f57-2a92-4da7-8561-d429d76a5c3a]", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x401ee [0189.568] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x4fd8e0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0189.571] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fd9c0 | out: phkResult=0x4fd9c0*=0x328) returned 0x0 [0189.574] RegQueryValueExW (in: hKey=0x328, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fd9dc, lpData=0x0, lpcbData=0x4fd9d8*=0x0 | out: lpType=0x4fd9dc*=0x1, lpData=0x0, lpcbData=0x4fd9d8*=0x5e) returned 0x0 [0189.574] RegQueryValueExW (in: hKey=0x328, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fd9dc, lpData=0x2582088, lpcbData=0x4fd9d8*=0x5e | out: lpType=0x4fd9dc*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x4fd9d8*=0x5e) returned 0x0 [0189.575] RegCloseKey (hKey=0x328) returned 0x0 [0189.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fd280 | out: phkResult=0x4fd280*=0x0) returned 0x2 [0189.583] RegCloseKey (hKey=0x80000002) returned 0x0 [0189.624] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6aa90000 [0190.277] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x105, lpBuffer=0x4fde78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0190.920] GetCurrentProcess () returned 0xffffffff [0190.921] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe1b0 | out: TokenHandle=0x4fe1b0*=0xe8) returned 1 [0190.931] LocalAlloc (uFlags=0x0, uBytes=0x208) returned 0x7f1768 [0190.934] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x104, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0190.939] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe1a8 | out: lpFileInformation=0x4fe1a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x4c05a00b, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0190.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0190.943] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0190.944] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe1b0 | out: lpFileInformation=0x4fe1b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x4c05a00b, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0190.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0190.945] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0190.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fe0e8) returned 1 [0190.947] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x328 [0190.963] GetFileType (hFile=0x328) returned 0x1 [0190.963] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fe0e4) returned 1 [0190.963] GetFileType (hFile=0x328) returned 0x1 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0192.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0192.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fd6c4) returned 1 [0192.395] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4fd988 | out: lpFileInformation=0x4fd988*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x4c05a00b, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0192.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fd6c0) returned 1 [0192.477] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x4fd854 | out: pfEnabled=0x4fd854) returned 0x0 [0192.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe134 | out: phkResult=0x4fe134*=0x0) returned 0x2 [0192.536] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe134 | out: phkResult=0x4fe134*=0x0) returned 0x2 [0192.541] GetFileSize (in: hFile=0x328, lpFileSizeHigh=0x4fe1a4 | out: lpFileSizeHigh=0x4fe1a4*=0x0) returned 0x8c8e [0192.542] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe160, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fe160*=0x1000, lpOverlapped=0x0) returned 1 [0192.564] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe010, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fe010*=0x1000, lpOverlapped=0x0) returned 1 [0192.565] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fdec4, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fdec4*=0x1000, lpOverlapped=0x0) returned 1 [0192.566] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fdec4, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fdec4*=0x1000, lpOverlapped=0x0) returned 1 [0192.566] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fdec4, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fdec4*=0x1000, lpOverlapped=0x0) returned 1 [0192.567] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fddfc, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fddfc*=0x1000, lpOverlapped=0x0) returned 1 [0192.570] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fdf68, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fdf68*=0x1000, lpOverlapped=0x0) returned 1 [0192.572] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fde5c, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fde5c*=0x1000, lpOverlapped=0x0) returned 1 [0192.572] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fde5c, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fde5c*=0xc8e, lpOverlapped=0x0) returned 1 [0192.573] ReadFile (in: hFile=0x328, lpBuffer=0x25ac454, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fdf20, lpOverlapped=0x0 | out: lpBuffer=0x25ac454*, lpNumberOfBytesRead=0x4fdf20*=0x0, lpOverlapped=0x0) returned 1 [0192.573] CloseHandle (hObject=0x328) returned 1 [0192.574] CloseHandle (hObject=0xe8) returned 1 [0192.575] GetCurrentProcess () returned 0xffffffff [0192.575] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2fc | out: TokenHandle=0x4fe2fc*=0xe8) returned 1 [0192.575] CloseHandle (hObject=0xe8) returned 1 [0192.576] GetCurrentProcess () returned 0xffffffff [0192.576] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2fc | out: TokenHandle=0x4fe2fc*=0xe8) returned 1 [0192.576] CloseHandle (hObject=0xe8) returned 1 [0192.583] GetCurrentProcess () returned 0xffffffff [0192.584] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe1b0 | out: TokenHandle=0x4fe1b0*=0xe8) returned 1 [0192.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe1a8 | out: lpFileInformation=0x4fe1a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.584] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x30 [0192.585] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x30, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0192.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe1b0 | out: lpFileInformation=0x4fe1b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0192.585] CloseHandle (hObject=0xe8) returned 1 [0192.586] GetCurrentProcess () returned 0xffffffff [0192.586] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2fc | out: TokenHandle=0x4fe2fc*=0xe8) returned 1 [0192.586] CloseHandle (hObject=0xe8) returned 1 [0192.587] GetCurrentProcess () returned 0xffffffff [0192.587] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2fc | out: TokenHandle=0x4fe2fc*=0xe8) returned 1 [0192.588] CloseHandle (hObject=0xe8) returned 1 [0192.598] GetCurrentProcess () returned 0xffffffff [0192.598] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe114 | out: TokenHandle=0x4fe114*=0xe8) returned 1 [0192.603] CloseHandle (hObject=0xe8) returned 1 [0192.604] GetCurrentProcess () returned 0xffffffff [0192.604] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe12c | out: TokenHandle=0x4fe12c*=0xe8) returned 1 [0192.610] CloseHandle (hObject=0xe8) returned 1 [0192.616] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Avalon.Packaging", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe40c | out: phkResult=0x4fe40c*=0x0) returned 0x2 [0192.617] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0x24, wParam=0x0, lParam=0x4fee54) returned 0x0 [0192.617] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0x24, wParam=0x0, lParam=0x4fee54) returned 0x0 [0192.617] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0x81, wParam=0x0, lParam=0x4fee48) returned 0x1 [0192.617] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0x81, wParam=0x0, lParam=0x4fee48) returned 0x1 [0192.619] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0x83, wParam=0x0, lParam=0x4fee34) returned 0x0 [0192.619] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0x83, wParam=0x0, lParam=0x4fee34) returned 0x0 [0192.620] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0x1, wParam=0x0, lParam=0x4fee48) returned 0x0 [0192.620] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0x1, wParam=0x0, lParam=0x4fee48) returned 0x0 [0192.670] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Avalon.Graphics", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fece4 | out: phkResult=0x4fece4*=0xe8) returned 0x0 [0192.671] RegQueryValueExW (in: hKey=0xe8, lpValueName="ClassicETW", lpReserved=0x0, lpType=0x4fed00, lpData=0x0, lpcbData=0x4fecfc*=0x0 | out: lpType=0x4fed00*=0x0, lpData=0x0, lpcbData=0x4fecfc*=0x0) returned 0x2 [0192.671] RegCloseKey (hKey=0xe8) returned 0x0 [0192.677] EtwEventRegister (in: ProviderId=0x4fed9c, EnableCallback=0x22e079e, CallbackContext=0x0, RegHandle=0x4fed84 | out: RegHandle=0x4fed84) returned 0x0 [0192.704] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0193.020] EtwEventRegister (in: ProviderId=0x25cb04c, EnableCallback=0x22e07c6, CallbackContext=0x0, RegHandle=0x25cb028 | out: RegHandle=0x25cb028) returned 0x0 [0193.021] EtwEventSetInformation (RegHandle=0x7e0f98, InformationClass=0x62, EventInformation=0x2, InformationLength=0x25cafec) returned 0x0 [0193.025] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x105, lpBuffer=0x4feca8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0193.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4feef0) returned 1 [0193.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4ff1b4 | out: lpFileInformation=0x4ff1b4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0193.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4feeec) returned 1 [0193.236] IsDebuggerPresent () returned 0 [0193.515] GetEnvironmentVariableW (in: lpName="ENABLE_XAML_DIAGNOSTICS_SOURCE_INFO", lpBuffer=0x4fe9e8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0193.705] IsDebuggerPresent () returned 0 [0193.715] GetEnvironmentVariableW (in: lpName="ENABLE_XAML_DIAGNOSTICS_SOURCE_INFO", lpBuffer=0x4fe934, nSize=0x80 | out: lpBuffer="") returned 0x0 [0193.770] GetStockObject (i=5) returned 0x900015 [0193.770] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0193.770] CoCreateGuid (in: pguid=0x4ff3dc | out: pguid=0x4ff3dc*(Data1=0xe4394c8a, Data2=0xdf18, Data3=0x4376, Data4=([0]=0x94, [1]=0x9e, [2]=0xfe, [3]=0xfe, [4]=0x3d, [5]=0x37, [6]=0x75, [7]=0x7f))) returned 0x0 [0193.771] CoTaskMemAlloc (cb=0x2) returned 0x7f1ce8 [0193.771] CoTaskMemAlloc (cb=0x82) returned 0x7dea10 [0193.771] RegisterClassExW (param_1=0x4ff354) returned 0xc1e7 [0193.772] CoTaskMemFree (pv=0x7f1ce8) [0193.772] CoTaskMemFree (pv=0x7dea10) [0193.772] CreateWindowExW (dwExStyle=0x0, lpClassName="HwndWrapper[Installer.exe;;e4394c8a-df18-4376-949e-fefe3d37757f]", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x601f4 [0193.804] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x24, wParam=0x0, lParam=0x4fee7c) returned 0x0 [0193.805] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x24, wParam=0x0, lParam=0x4fee7c) returned 0x0 [0193.805] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x81, wParam=0x0, lParam=0x4fee70) returned 0x1 [0193.805] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x81, wParam=0x0, lParam=0x4fee70) returned 0x1 [0193.821] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x83, wParam=0x0, lParam=0x4fee5c) returned 0x0 [0193.821] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x83, wParam=0x0, lParam=0x4fee5c) returned 0x0 [0193.831] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x1, wParam=0x0, lParam=0x4fee70) returned 0x0 [0193.831] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x1, wParam=0x0, lParam=0x4fee70) returned 0x0 [0193.837] GetMessageW (in: lpMsg=0x4ff464, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4ff464) returned 1 [0193.840] TranslateMessage (lpMsg=0x4ff464) returned 0 [0193.841] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0193.841] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x0 [0193.841] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0193.861] EtwEventRegister (in: ProviderId=0x25dec8c, EnableCallback=0x22e083e, CallbackContext=0x0, RegHandle=0x25dec68 | out: RegHandle=0x25dec68) returned 0x0 [0193.862] EtwEventSetInformation (RegHandle=0x7e1148, InformationClass=0x66, EventInformation=0x2, InformationLength=0x25dec38) returned 0x0 [0193.862] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0193.862] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0193.862] GetMessageW (in: lpMsg=0x4ff464, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4ff464) returned 1 [0193.862] TranslateMessage (lpMsg=0x4ff464) returned 0 [0193.862] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0193.862] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0193.862] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0193.862] GetMessageW (in: lpMsg=0x4ff464, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4ff464) returned 1 [0193.863] TranslateMessage (lpMsg=0x4ff464) returned 0 [0193.863] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0193.863] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0194.048] GetSystemMetrics (nIndex=82) returned 1 [0194.278] SystemParametersInfoW (in: uiAction=0x66, uiParam=0x0, pvParam=0x628de0, fWinIni=0x0 | out: pvParam=0x628de0) returned 1 [0194.399] SystemParametersInfoW (in: uiAction=0x29, uiParam=0x1f4, pvParam=0x4fcde0, fWinIni=0x0 | out: pvParam=0x4fcde0) returned 1 [0194.408] GetEnvironmentVariableW (in: lpName="windir", lpBuffer=0x4fc788, nSize=0x80 | out: lpBuffer="") returned 0xa [0194.409] GetDC (hWnd=0x0) returned 0x1e0106ec [0194.424] GetDeviceCaps (hdc=0x1e0106ec, index=90) returned 96 [0194.424] ReleaseDC (hWnd=0x0, hDC=0x1e0106ec) returned 1 [0194.480] GetSysColor (nIndex=18) returned 0x0 [0194.482] SystemParametersInfoW (in: uiAction=0x100a, uiParam=0x0, pvParam=0x4fd2d0, fWinIni=0x0 | out: pvParam=0x4fd2d0) returned 1 [0194.484] RegisterClipboardFormatW (lpszFormat="TaskbarButtonCreated") returned 0xc0a7 [0194.484] RegisterClipboardFormatW (lpszFormat="WPF_ApplyTaskbarItemInfo") returned 0xc1e8 [0194.504] GetSystemMetrics (nIndex=36) returned 4 [0194.504] GetSystemMetrics (nIndex=37) returned 4 [0194.505] GetDoubleClickTime () returned 0x1f4 [0194.971] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x105, lpBuffer=0x4fdef4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0194.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2f [0194.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x2f, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0194.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0194.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0194.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0194.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0194.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fe0b4) returned 1 [0194.982] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe378 | out: lpFileInformation=0x4fe378*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x568ca9ae, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0194.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fe0b0) returned 1 [0194.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0194.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0194.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fe2d8) returned 1 [0194.984] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3cc [0194.984] GetFileType (hFile=0x3cc) returned 0x1 [0194.984] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fe2d4) returned 1 [0194.984] GetFileType (hFile=0x3cc) returned 0x1 [0194.986] GetFileSize (in: hFile=0x3cc, lpFileSizeHigh=0x4fe304 | out: lpFileSizeHigh=0x4fe304*=0x0) returned 0x8c8e [0194.987] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe2c0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe2c0*=0x1000, lpOverlapped=0x0) returned 1 [0194.991] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe274, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe274*=0x1000, lpOverlapped=0x0) returned 1 [0194.991] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0x1000, lpOverlapped=0x0) returned 1 [0194.992] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0x1000, lpOverlapped=0x0) returned 1 [0194.992] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0x1000, lpOverlapped=0x0) returned 1 [0194.992] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0x1000, lpOverlapped=0x0) returned 1 [0194.992] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe270, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe270*=0x1000, lpOverlapped=0x0) returned 1 [0194.993] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0x1000, lpOverlapped=0x0) returned 1 [0194.993] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe1f0, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe1f0*=0xc8e, lpOverlapped=0x0) returned 1 [0194.993] ReadFile (in: hFile=0x3cc, lpBuffer=0x2615b28, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x4fe29c, lpOverlapped=0x0 | out: lpBuffer=0x2615b28*, lpNumberOfBytesRead=0x4fe29c*=0x0, lpOverlapped=0x0) returned 1 [0194.994] CloseHandle (hObject=0x3cc) returned 1 [0194.995] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x30 [0194.995] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x30, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0194.995] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x30 [0194.995] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", nBufferLength=0x30, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config", lpFilePart=0x0) returned 0x2f [0194.995] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fe0b0) returned 1 [0194.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe.config" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x4fe374 | out: lpFileInformation=0x4fe374*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0194.996] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fe0ac) returned 1 [0195.005] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework\\Windows Presentation Foundation\\Features", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe414 | out: phkResult=0x4fe414*=0x0) returned 0x2 [0195.037] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3cc [0195.038] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3d0 [0195.048] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fd32c | out: phkResult=0x4fd32c*=0x3d4) returned 0x0 [0195.049] RegQueryValueExW (in: hKey=0x3d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x4fd34c, lpData=0x0, lpcbData=0x4fd348*=0x0 | out: lpType=0x4fd34c*=0x1, lpData=0x0, lpcbData=0x4fd348*=0xe) returned 0x0 [0195.049] RegQueryValueExW (in: hKey=0x3d4, lpValueName="InstallationType", lpReserved=0x0, lpType=0x4fd34c, lpData=0x261f008, lpcbData=0x4fd348*=0xe | out: lpType=0x4fd34c*=0x1, lpData="Client", lpcbData=0x4fd348*=0xe) returned 0x0 [0195.049] RegCloseKey (hKey=0x3d4) returned 0x0 [0195.074] GetCurrentProcess () returned 0xffffffff [0195.074] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fcf80 | out: TokenHandle=0x4fcf80*=0x3d4) returned 1 [0195.095] CloseHandle (hObject=0x3d4) returned 1 [0195.095] GetCurrentProcess () returned 0xffffffff [0195.095] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fcf98 | out: TokenHandle=0x4fcf98*=0x3d4) returned 1 [0195.096] CloseHandle (hObject=0x3d4) returned 1 [0195.113] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x3d4) returned 0x0 [0195.113] RegQueryValueExW (in: hKey=0x3d4, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x4fe110, lpData=0x0, lpcbData=0x4fe10c*=0x0 | out: lpType=0x4fe110*=0x0, lpData=0x0, lpcbData=0x4fe10c*=0x0) returned 0x2 [0195.114] RegCloseKey (hKey=0x3d4) returned 0x0 [0195.119] GetCurrentProcessId () returned 0x75c [0195.159] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x4fd994 | out: lpLuid=0x4fd994*(LowPart=0x14, HighPart=0)) returned 1 [0195.162] GetCurrentProcess () returned 0xffffffff [0195.163] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x4fd990 | out: TokenHandle=0x4fd990*=0x3dc) returned 1 [0195.164] AdjustTokenPrivileges (in: TokenHandle=0x3dc, DisableAllPrivileges=0, NewState=0x26233bc*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0195.164] CloseHandle (hObject=0x3dc) returned 1 [0195.166] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.180] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2623400, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x2623400, lpcbNeeded=0x4fe100) returned 1 [0195.183] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x2623540, cb=0xc | out: lpmodinfo=0x2623540*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.183] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.183] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x803e28, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.186] CoTaskMemFree (pv=0x803e28) [0195.186] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.186] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x803e28, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.187] CoTaskMemFree (pv=0x803e28) [0195.187] CloseHandle (hObject=0x3dc) returned 1 [0195.188] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.188] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.188] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.189] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.189] RegQueryValueExW (in: hKey=0x3dc, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.189] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.190] GetCurrentProcessId () returned 0x75c [0195.190] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.190] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2625e2c, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x2625e2c, lpcbNeeded=0x4fe100) returned 1 [0195.191] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x2625f6c, cb=0xc | out: lpmodinfo=0x2625f6c*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.192] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.192] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x803e28, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.192] CoTaskMemFree (pv=0x803e28) [0195.192] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.192] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x803e28, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.193] CoTaskMemFree (pv=0x803e28) [0195.193] CloseHandle (hObject=0x3dc) returned 1 [0195.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.193] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.194] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.194] RegQueryValueExW (in: hKey=0x3dc, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.194] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.195] GetCurrentProcessId () returned 0x75c [0195.195] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.195] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2628868, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x2628868, lpcbNeeded=0x4fe100) returned 1 [0195.196] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x26289a8, cb=0xc | out: lpmodinfo=0x26289a8*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.196] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.196] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x803e28, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.196] CoTaskMemFree (pv=0x803e28) [0195.197] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.197] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x803e28, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.197] CoTaskMemFree (pv=0x803e28) [0195.197] CloseHandle (hObject=0x3dc) returned 1 [0195.197] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.197] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.198] RegQueryValueExW (in: hKey=0x3dc, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.198] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.199] GetCurrentProcessId () returned 0x75c [0195.199] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.199] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x262b278, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x262b278, lpcbNeeded=0x4fe100) returned 1 [0195.204] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x262b3b8, cb=0xc | out: lpmodinfo=0x262b3b8*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.204] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.204] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x803e28, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.205] CoTaskMemFree (pv=0x803e28) [0195.205] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.205] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x803e28, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.205] CoTaskMemFree (pv=0x803e28) [0195.205] CloseHandle (hObject=0x3dc) returned 1 [0195.205] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.205] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.206] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.207] RegQueryValueExW (in: hKey=0x3dc, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.207] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.207] GetCurrentProcessId () returned 0x75c [0195.207] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.207] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x262dc08, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x262dc08, lpcbNeeded=0x4fe100) returned 1 [0195.209] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x262dd48, cb=0xc | out: lpmodinfo=0x262dd48*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.209] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.209] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x803e28, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.209] CoTaskMemFree (pv=0x803e28) [0195.209] CoTaskMemAlloc (cb=0x804) returned 0x803e28 [0195.209] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x803e28, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.210] CoTaskMemFree (pv=0x803e28) [0195.210] CloseHandle (hObject=0x3dc) returned 1 [0195.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.211] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.211] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.211] RegQueryValueExW (in: hKey=0x3dc, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.211] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.212] GetCurrentProcessId () returned 0x75c [0195.212] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.212] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2630588, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x2630588, lpcbNeeded=0x4fe100) returned 1 [0195.213] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x26306c8, cb=0xc | out: lpmodinfo=0x26306c8*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.213] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.213] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x807090, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.214] CoTaskMemFree (pv=0x807090) [0195.214] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.214] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x807090, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.215] CoTaskMemFree (pv=0x807090) [0195.215] CloseHandle (hObject=0x3dc) returned 1 [0195.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.215] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.224] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.224] RegQueryValueExW (in: hKey=0x3dc, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x0, lpData=0x0, lpcbData=0x4fe110*=0x0) returned 0x2 [0195.224] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.225] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.225] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x4, lpData=0x0, lpcbData=0x4fe110*=0x4) returned 0x0 [0195.225] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x4fe114, lpData=0x4fe100, lpcbData=0x4fe110*=0x4 | out: lpType=0x4fe114*=0x4, lpData=0x4fe100*=0x1, lpcbData=0x4fe110*=0x4) returned 0x0 [0195.227] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x4fe14c, lpData=0x0, lpcbData=0x4fe148*=0x0 | out: lpType=0x4fe14c*=0x4, lpData=0x0, lpcbData=0x4fe148*=0x4) returned 0x0 [0195.229] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.231] GetCurrentProcessId () returned 0x75c [0195.231] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.231] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x26332fc, cb=0x100, lpcbNeeded=0x4fe0fc | out: lphModule=0x26332fc, lpcbNeeded=0x4fe0fc) returned 1 [0195.233] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x263343c, cb=0xc | out: lpmodinfo=0x263343c*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.233] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.233] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x807090, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.233] CoTaskMemFree (pv=0x807090) [0195.233] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.234] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x807090, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.234] CoTaskMemFree (pv=0x807090) [0195.234] CloseHandle (hObject=0x3dc) returned 1 [0195.234] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.234] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.234] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x0) returned 0x2 [0195.235] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x3dc) returned 0x0 [0195.235] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x4fe110, lpData=0x0, lpcbData=0x4fe10c*=0x0 | out: lpType=0x4fe110*=0x0, lpData=0x0, lpcbData=0x4fe10c*=0x0) returned 0x2 [0195.235] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.236] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x3dc) returned 0x0 [0195.236] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x4fe114, lpData=0x0, lpcbData=0x4fe110*=0x0 | out: lpType=0x4fe114*=0x4, lpData=0x0, lpcbData=0x4fe110*=0x4) returned 0x0 [0195.236] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x4fe114, lpData=0x4fe100, lpcbData=0x4fe110*=0x4 | out: lpType=0x4fe114*=0x4, lpData=0x4fe100*=0x1, lpcbData=0x4fe110*=0x4) returned 0x0 [0195.236] RegQueryValueExW (in: hKey=0x3dc, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x4fe14c, lpData=0x0, lpcbData=0x4fe148*=0x0 | out: lpType=0x4fe14c*=0x4, lpData=0x0, lpcbData=0x4fe148*=0x4) returned 0x0 [0195.236] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.237] GetCurrentProcessId () returned 0x75c [0195.237] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.237] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2636240, cb=0x100, lpcbNeeded=0x4fe100 | out: lphModule=0x2636240, lpcbNeeded=0x4fe100) returned 1 [0195.238] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x2636380, cb=0xc | out: lpmodinfo=0x2636380*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.239] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.239] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x807090, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.239] CoTaskMemFree (pv=0x807090) [0195.239] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.239] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x807090, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.239] CoTaskMemFree (pv=0x807090) [0195.239] CloseHandle (hObject=0x3dc) returned 1 [0195.240] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.240] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.240] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SystemDefaultTlsVersions", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f8 | out: phkResult=0x4fe0f8*=0x0) returned 0x2 [0195.241] GetCurrentProcessId () returned 0x75c [0195.241] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.241] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x2638a34, cb=0x100, lpcbNeeded=0x4fe0fc | out: lphModule=0x2638a34, lpcbNeeded=0x4fe0fc) returned 1 [0195.243] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x2638b74, cb=0xc | out: lpmodinfo=0x2638b74*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.243] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.243] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x807090, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.243] CoTaskMemFree (pv=0x807090) [0195.243] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.243] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x807090, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.244] CoTaskMemFree (pv=0x807090) [0195.244] CloseHandle (hObject=0x3dc) returned 1 [0195.244] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.244] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.244] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x0) returned 0x2 [0195.245] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x3dc) returned 0x0 [0195.245] RegQueryValueExW (in: hKey=0x3dc, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x4fe110, lpData=0x0, lpcbData=0x4fe10c*=0x0 | out: lpType=0x4fe110*=0x0, lpData=0x0, lpcbData=0x4fe10c*=0x0) returned 0x2 [0195.245] RegCloseKey (hKey=0x3dc) returned 0x0 [0195.247] GetCurrentProcessId () returned 0x75c [0195.247] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x75c) returned 0x3dc [0195.247] EnumProcessModules (in: hProcess=0x3dc, lphModule=0x263b3bc, cb=0x100, lpcbNeeded=0x4fe0fc | out: lphModule=0x263b3bc, lpcbNeeded=0x4fe0fc) returned 1 [0195.249] GetModuleInformation (in: hProcess=0x3dc, hModule=0x10000, lpmodinfo=0x263b4fc, cb=0xc | out: lpmodinfo=0x263b4fc*(lpBaseOfDll=0x10000, SizeOfImage=0x74000, EntryPoint=0x0)) returned 1 [0195.249] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.249] GetModuleBaseNameW (in: hProcess=0x3dc, hModule=0x10000, lpBaseName=0x807090, nSize=0x800 | out: lpBaseName="Installer.exe") returned 0xd [0195.250] CoTaskMemFree (pv=0x807090) [0195.250] CoTaskMemAlloc (cb=0x804) returned 0x807090 [0195.250] GetModuleFileNameExW (in: hProcess=0x3dc, hModule=0x10000, lpFilename=0x807090, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe" (normalized: "c:\\users\\oqxzraykm\\desktop\\installer.exe")) returned 0x28 [0195.250] CoTaskMemFree (pv=0x807090) [0195.250] CloseHandle (hObject=0x3dc) returned 1 [0195.250] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x29 [0195.250] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", nBufferLength=0x29, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop\\Installer.exe", lpFilePart=0x0) returned 0x28 [0195.251] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0f4 | out: phkResult=0x4fe0f4*=0x0) returned 0x2 [0195.296] FindMimeFromData (in: pBC=0x0, pwzUrl="айко codex.png", pBuffer=0x0, cbSize=0x0, pwzMimeProposed=0x0, dwMimeFlags=0x0, ppwzMimeOut=0x4fe2dc, dwReserved=0x0 | out: ppwzMimeOut=0x4fe2dc*="image/png") returned 0x0 [0195.315] CoTaskMemFree (pv=0x7e5268) [0195.373] WICCreateImagingFactory_Proxy () returned 0x0 [0195.375] IWICImagingFactory_CreateStream_Proxy () returned 0x0 [0195.375] IWICStream_InitializeFromMemory_Proxy () returned 0x0 [0195.379] WICCreateImagingFactory_Proxy () returned 0x0 [0195.380] IWICImagingFactory_CreateDecoderFromStream_Proxy () returned 0x0 [0195.493] IWICBitmapDecoder_GetDecoderInfo_Proxy () returned 0x0 [0195.494] IWICBitmapCodecInfo_GetContainerFormat_Proxy () returned 0x0 [0195.494] IWICBitmapCodecInfo_GetMimeTypes_Proxy () returned 0x0 [0195.494] IWICBitmapCodecInfo_GetMimeTypes_Proxy () returned 0x0 [0195.500] IWICBitmapDecoder_GetFrameCount_Proxy () returned 0x0 [0195.505] IWICBitmapDecoder_GetFrame_Proxy () returned 0x0 [0195.506] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.506] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.584] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.584] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.584] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.584] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.584] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.584] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.584] WICCreateImagingFactory_Proxy () returned 0x0 [0195.584] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.588] IWICBitmapFrameDecode_GetColorContexts_Proxy () returned 0x0 [0195.597] WICCreateColorContext_Proxy () returned 0x0 [0195.597] IWICBitmapFrameDecode_GetColorContexts_Proxy () returned 0x0 [0195.772] OpenColorProfileA () returned 0x493d9828 [0195.772] GetColorProfileHeader () returned 0x1 [0195.774] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.774] CoTaskMemAlloc (cb=0x20c) returned 0x8020a0 [0195.774] GetStandardColorSpaceProfileW () returned 0x1 [0195.777] CoTaskMemFree (pv=0x8020a0) [0195.786] GetCurrentProcess () returned 0xffffffff [0195.786] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fdec0 | out: TokenHandle=0x4fdec0*=0x434) returned 1 [0195.790] CloseHandle (hObject=0x434) returned 1 [0195.790] GetCurrentProcess () returned 0xffffffff [0195.790] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fded8 | out: TokenHandle=0x4fded8*=0x434) returned 1 [0195.791] CloseHandle (hObject=0x434) returned 1 [0195.843] GetFileSize (in: hFile=0x458, lpFileSizeHigh=0x4fe2c8 | out: lpFileSizeHigh=0x4fe2c8*=0x0) returned 0xc48 [0195.843] ReadFile (in: hFile=0x458, lpBuffer=0x25c6940, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x4fe248, lpOverlapped=0x0 | out: lpBuffer=0x25c6940*, lpNumberOfBytesRead=0x4fe248*=0xc48, lpOverlapped=0x0) returned 1 [0195.845] OpenColorProfileA () returned 0x493d5588 [0195.845] GetColorProfileHeader () returned 0x1 [0195.846] WICCreateColorContext_Proxy () returned 0x0 [0195.846] IWICColorContext_InitializeFromMemory_Proxy () returned 0x0 [0195.871] WICCreateColorTransform_Proxy () returned 0x0 [0195.873] IWICColorTransform_Initialize_Proxy () returned 0x0 [0195.910] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.910] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.910] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.910] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.910] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.910] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.911] IWICImagingFactory_CreateBitmapFromSource_Proxy () returned 0x0 [0195.911] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.911] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.911] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.911] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.911] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.911] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0195.911] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0195.911] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0195.912] IWICBitmapFrameDecode_GetThumbnail_Proxy () returned 0x88982f44 [0195.934] RegisterClipboardFormatW (lpszFormat="UpdateWindowSettings") returned 0xc1e9 [0195.935] RegisterClipboardFormatW (lpszFormat="NeedsRePresentOnWake") returned 0xc1ea [0195.935] RegisterClipboardFormatW (lpszFormat="DisplayDevicesAvailabilityChanged") returned 0xc1eb [0195.936] GetCurrentProcessId () returned 0x75c [0195.937] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0195.943] GetProcessDpiAwareness () returned 0x0 [0195.945] CloseHandle (hObject=0x464) returned 1 [0195.947] AreDpiAwarenessContextsEqual () returned 0x0 [0195.947] AreDpiAwarenessContextsEqual () returned 0x0 [0195.947] AreDpiAwarenessContextsEqual () returned 0x1 [0195.951] SetThreadDpiAwarenessContext () returned 0x80006011 [0195.952] GetStockObject (i=5) returned 0x900015 [0195.952] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0195.952] CoCreateGuid (in: pguid=0x4fe340 | out: pguid=0x4fe340*(Data1=0x908c891b, Data2=0x9f2, Data3=0x4f42, Data4=([0]=0x88, [1]=0xd6, [2]=0x4b, [3]=0x5d, [4]=0x37, [5]=0x97, [6]=0x2e, [7]=0xe7))) returned 0x0 [0195.953] CoTaskMemAlloc (cb=0x2) returned 0x7f1f98 [0195.953] CoTaskMemAlloc (cb=0x82) returned 0x7de6b0 [0195.953] RegisterClassExW (param_1=0x4fe2b8) returned 0xc1ec [0195.953] CoTaskMemFree (pv=0x7f1f98) [0195.954] CoTaskMemFree (pv=0x7de6b0) [0195.954] CreateWindowExW (dwExStyle=0x0, lpClassName="HwndWrapper[Installer.exe;;908c891b-09f2-4f42-88d6-4b5d37972ee7]", lpWindowName="SystemResourceNotifyWindow", dwStyle=0x88000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x8006c [0195.957] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x81, wParam=0x0, lParam=0x4fddd0) returned 0x1 [0195.957] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x81, wParam=0x0, lParam=0x4fddd0) returned 0x1 [0195.959] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x83, wParam=0x0, lParam=0x4fddbc) returned 0x0 [0195.959] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x83, wParam=0x0, lParam=0x4fddbc) returned 0x0 [0195.960] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x1, wParam=0x0, lParam=0x4fddd0) returned 0x0 [0195.960] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x1, wParam=0x0, lParam=0x4fddd0) returned 0x0 [0195.960] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0195.960] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0195.960] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0195.961] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0195.968] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x4fd470, nSize=0x80 | out: lpBuffer="") returned 0x0 [0195.969] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fd550 | out: phkResult=0x4fd550*=0x464) returned 0x0 [0195.969] RegQueryValueExW (in: hKey=0x464, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fd56c, lpData=0x0, lpcbData=0x4fd568*=0x0 | out: lpType=0x4fd56c*=0x1, lpData=0x0, lpcbData=0x4fd568*=0x5e) returned 0x0 [0195.969] RegQueryValueExW (in: hKey=0x464, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fd56c, lpData=0x25ca754, lpcbData=0x4fd568*=0x5e | out: lpType=0x4fd56c*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x4fd568*=0x5e) returned 0x0 [0195.969] RegCloseKey (hKey=0x464) returned 0x0 [0195.970] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6aa90000 [0195.989] GetCurrentProcessId () returned 0x75c [0195.989] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0195.989] GetProcessDpiAwareness () returned 0x0 [0195.989] CloseHandle (hObject=0x464) returned 1 [0195.991] AreDpiAwarenessContextsEqual () returned 0x0 [0195.991] AreDpiAwarenessContextsEqual () returned 0x0 [0195.991] AreDpiAwarenessContextsEqual () returned 0x1 [0195.991] GetCurrentProcessId () returned 0x75c [0195.991] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0195.991] GetProcessDpiAwareness () returned 0x0 [0195.991] CloseHandle (hObject=0x464) returned 1 [0195.993] AreDpiAwarenessContextsEqual () returned 0x0 [0195.993] AreDpiAwarenessContextsEqual () returned 0x0 [0195.993] AreDpiAwarenessContextsEqual () returned 0x1 [0195.994] GetDpiForSystem () returned 0x60 [0195.994] MonitorFromWindow (hwnd=0x0, dwFlags=0x2) returned 0x10001 [0195.995] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x4fe324 | out: lpmi=0x4fe324) returned 1 [0196.001] SetThreadDpiAwarenessContext () returned 0x6011 [0196.005] SystemParametersInfoW (in: uiAction=0x42, uiParam=0xc, pvParam=0x4fdca4, fWinIni=0x0 | out: pvParam=0x4fdca4) returned 1 [0196.011] IsThemeActive () returned 0x1 [0196.013] CoTaskMemAlloc (cb=0x20c) returned 0x809350 [0196.013] CoTaskMemAlloc (cb=0x20c) returned 0x810280 [0196.013] GetCurrentThemeName () returned 0x0 [0196.014] CoTaskMemFree (pv=0x809350) [0196.014] CoTaskMemFree (pv=0x810280) [0196.835] GetCurrentProcessId () returned 0x75c [0196.836] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.836] GetProcessDpiAwareness () returned 0x0 [0196.836] CloseHandle (hObject=0x464) returned 1 [0196.838] AreDpiAwarenessContextsEqual () returned 0x0 [0196.838] AreDpiAwarenessContextsEqual () returned 0x0 [0196.838] AreDpiAwarenessContextsEqual () returned 0x1 [0196.839] GetCurrentProcessId () returned 0x75c [0196.839] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.839] GetProcessDpiAwareness () returned 0x0 [0196.839] CloseHandle (hObject=0x464) returned 1 [0196.841] AreDpiAwarenessContextsEqual () returned 0x0 [0196.841] AreDpiAwarenessContextsEqual () returned 0x0 [0196.842] AreDpiAwarenessContextsEqual () returned 0x1 [0196.842] GetCurrentProcessId () returned 0x75c [0196.842] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.842] GetProcessDpiAwareness () returned 0x0 [0196.842] CloseHandle (hObject=0x464) returned 1 [0196.844] AreDpiAwarenessContextsEqual () returned 0x0 [0196.844] AreDpiAwarenessContextsEqual () returned 0x0 [0196.844] AreDpiAwarenessContextsEqual () returned 0x1 [0196.844] GetCurrentProcessId () returned 0x75c [0196.845] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.845] GetProcessDpiAwareness () returned 0x0 [0196.845] CloseHandle (hObject=0x464) returned 1 [0196.846] AreDpiAwarenessContextsEqual () returned 0x0 [0196.847] AreDpiAwarenessContextsEqual () returned 0x0 [0196.847] AreDpiAwarenessContextsEqual () returned 0x1 [0196.847] GetCurrentProcessId () returned 0x75c [0196.847] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.847] GetProcessDpiAwareness () returned 0x0 [0196.847] CloseHandle (hObject=0x464) returned 1 [0196.849] AreDpiAwarenessContextsEqual () returned 0x0 [0196.849] AreDpiAwarenessContextsEqual () returned 0x0 [0196.849] AreDpiAwarenessContextsEqual () returned 0x1 [0196.997] GetCurrentProcessId () returned 0x75c [0196.998] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0196.998] GetProcessDpiAwareness () returned 0x0 [0196.998] CloseHandle (hObject=0x464) returned 1 [0197.000] AreDpiAwarenessContextsEqual () returned 0x0 [0197.000] AreDpiAwarenessContextsEqual () returned 0x0 [0197.001] AreDpiAwarenessContextsEqual () returned 0x1 [0197.003] GetCurrentProcessId () returned 0x75c [0197.004] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0197.004] GetProcessDpiAwareness () returned 0x0 [0197.004] CloseHandle (hObject=0x464) returned 1 [0197.005] AreDpiAwarenessContextsEqual () returned 0x0 [0197.006] AreDpiAwarenessContextsEqual () returned 0x0 [0197.006] AreDpiAwarenessContextsEqual () returned 0x1 [0197.006] GetSysColor (nIndex=13) returned 0xd77800 [0197.283] GetCurrentProcessId () returned 0x75c [0197.283] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0197.283] GetProcessDpiAwareness () returned 0x0 [0197.283] CloseHandle (hObject=0x464) returned 1 [0197.283] AreDpiAwarenessContextsEqual () returned 0x0 [0197.283] AreDpiAwarenessContextsEqual () returned 0x0 [0197.283] AreDpiAwarenessContextsEqual () returned 0x1 [0197.283] GetSysColor (nIndex=8) returned 0x0 [0197.284] GetCurrentProcessId () returned 0x75c [0197.284] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x464 [0197.284] GetProcessDpiAwareness () returned 0x0 [0197.284] CloseHandle (hObject=0x464) returned 1 [0197.285] AreDpiAwarenessContextsEqual () returned 0x0 [0197.286] AreDpiAwarenessContextsEqual () returned 0x0 [0197.286] AreDpiAwarenessContextsEqual () returned 0x1 [0197.286] GetSysColor (nIndex=5) returned 0xffffff [0197.331] GetACP () returned 0x4e4 [0197.355] GetCurrentProcess () returned 0xffffffff [0197.356] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2a8 | out: TokenHandle=0x4fe2a8*=0x468) returned 1 [0197.369] CloseHandle (hObject=0x468) returned 1 [0197.369] GetCurrentProcess () returned 0xffffffff [0197.369] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe2c0 | out: TokenHandle=0x4fe2c0*=0x468) returned 1 [0197.370] CloseHandle (hObject=0x468) returned 1 [0197.383] QueryPerformanceFrequency (in: lpFrequency=0x625bf8 | out: lpFrequency=0x625bf8*=100000000) returned 1 [0197.384] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe668 | out: lpPerformanceCount=0x4fe668*=2716513670881) returned 1 [0197.389] GetCurrentProcess () returned 0xffffffff [0197.389] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe27c | out: TokenHandle=0x4fe27c*=0x468) returned 1 [0197.394] CloseHandle (hObject=0x468) returned 1 [0197.394] GetCurrentProcess () returned 0xffffffff [0197.394] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe294 | out: TokenHandle=0x4fe294*=0x468) returned 1 [0197.394] CloseHandle (hObject=0x468) returned 1 [0197.399] GetCurrentProcess () returned 0xffffffff [0197.400] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe54c | out: TokenHandle=0x4fe54c*=0x468) returned 1 [0197.484] CoTaskMemAlloc (cb=0xcc0) returned 0x80e070 [0197.486] RasEnumConnectionsW (in: param_1=0x80e070, param_2=0x4fe55c, param_3=0x4fe560 | out: param_1=0x80e070, param_2=0x4fe55c, param_3=0x4fe560) returned 0x0 [0197.519] CoTaskMemFree (pv=0x80e070) [0197.543] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x4fe344 | out: lpWSAData=0x4fe344) returned 0 [0197.569] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4cc [0197.732] setsockopt (s=0x4cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0197.738] closesocket (s=0x4cc) returned 0 [0197.739] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4cc [0197.741] setsockopt (s=0x4cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0197.741] closesocket (s=0x4cc) returned 0 [0197.742] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4cc [0197.743] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0 [0197.744] ioctlsocket (in: s=0x4cc, cmd=-2147195266, argp=0x4fe564 | out: argp=0x4fe564) returned 0 [0197.745] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4 [0197.745] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d8 [0197.745] ioctlsocket (in: s=0x4d4, cmd=-2147195266, argp=0x4fe564 | out: argp=0x4fe564) returned 0 [0197.746] WSAIoctl (in: s=0x4cc, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x4fe54c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x4fe54c, lpOverlapped=0x0) returned -1 [0197.748] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x4fe27c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0197.763] WSAEventSelect (s=0x4cc, hEventObject=0x4d0, lNetworkEvents=512) returned 0 [0197.763] WSAIoctl (in: s=0x4d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x4fe54c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x4fe54c, lpOverlapped=0x0) returned -1 [0197.763] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x4fe27c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0197.763] WSAEventSelect (s=0x4d4, hEventObject=0x4d8, lNetworkEvents=512) returned 0 [0197.861] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4e0 [0197.862] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x4e0, param_3=0x3) returned 0x0 [0197.877] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x4fe578 | out: phkResult=0x4fe578*=0x4f8) returned 0x0 [0197.878] RegOpenKeyExW (in: hKey=0x4f8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe52c | out: phkResult=0x4fe52c*=0x4fc) returned 0x0 [0197.878] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x500 [0197.878] RegNotifyChangeKeyValue (hKey=0x4fc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x500, fAsynchronous=1) returned 0x0 [0197.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe530 | out: phkResult=0x4fe530*=0x504) returned 0x0 [0197.881] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x508 [0197.881] RegNotifyChangeKeyValue (hKey=0x504, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x508, fAsynchronous=1) returned 0x0 [0197.881] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe530 | out: phkResult=0x4fe530*=0x50c) returned 0x0 [0197.881] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x510 [0197.881] RegNotifyChangeKeyValue (hKey=0x50c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x510, fAsynchronous=1) returned 0x0 [0197.882] GetCurrentProcess () returned 0xffffffff [0197.882] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe520 | out: TokenHandle=0x4fe520*=0x514) returned 1 [0197.886] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fde28 | out: phkResult=0x4fde28*=0x518) returned 0x0 [0197.886] RegQueryValueExW (in: hKey=0x518, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x4fde44, lpData=0x0, lpcbData=0x4fde40*=0x0 | out: lpType=0x4fde44*=0x0, lpData=0x0, lpcbData=0x4fde40*=0x0) returned 0x2 [0197.886] RegCloseKey (hKey=0x518) returned 0x0 [0197.965] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x81e7e8 [0198.045] WinHttpSetTimeouts (hInternet=0x81e7e8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0198.051] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x4fe52c | out: pProxyConfig=0x4fe52c) returned 1 [0198.469] CloseHandle (hObject=0x468) returned 1 [0198.477] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x4fdda0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0198.477] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x4fdda0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0198.486] EtwEventRegister (in: ProviderId=0x262473c, EnableCallback=0x22e066e, CallbackContext=0x0, RegHandle=0x2624718 | out: RegHandle=0x2624718) returned 0x0 [0198.486] EtwEventSetInformation (RegHandle=0x806260, InformationClass=0x84, EventInformation=0x2, InformationLength=0x26246d8) returned 0x0 [0198.492] GetCurrentProcess () returned 0xffffffff [0198.492] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe244 | out: TokenHandle=0x4fe244*=0x568) returned 1 [0198.496] CloseHandle (hObject=0x568) returned 1 [0198.496] GetCurrentProcess () returned 0xffffffff [0198.496] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe25c | out: TokenHandle=0x4fe25c*=0x568) returned 1 [0198.497] CloseHandle (hObject=0x568) returned 1 [0198.591] SetEvent (hEvent=0x3cc) returned 1 [0198.836] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdea4*=0x4e0, lpdwindex=0x4fdce8 | out: lpdwindex=0x4fdce8) returned 0x80010115 [0199.509] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d0, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0199.509] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d8, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0199.509] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x500, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0199.510] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x508, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0199.510] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x510, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0199.515] GetCurrentProcess () returned 0xffffffff [0199.515] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe1a0 | out: TokenHandle=0x4fe1a0*=0x5a4) returned 1 [0199.516] CloseHandle (hObject=0x5a4) returned 1 [0199.517] GetCurrentProcess () returned 0xffffffff [0199.517] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe1b8 | out: TokenHandle=0x4fe1b8*=0x5a4) returned 1 [0199.517] CloseHandle (hObject=0x5a4) returned 1 [0199.520] GetTimeZoneInformation (in: lpTimeZoneInformation=0x4fe368 | out: lpTimeZoneInformation=0x4fe368) returned 0x2 [0199.533] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x4fe1c4 | out: pTimeZoneInformation=0x4fe1c4) returned 0x2 [0199.534] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Central European Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe2a8 | out: phkResult=0x4fe2a8*=0x5a4) returned 0x0 [0199.535] RegQueryValueExW (in: hKey=0x5a4, lpValueName="TZI", lpReserved=0x0, lpType=0x4fe2c4, lpData=0x0, lpcbData=0x4fe2c0*=0x0 | out: lpType=0x4fe2c4*=0x3, lpData=0x0, lpcbData=0x4fe2c0*=0x2c) returned 0x0 [0199.535] RegQueryValueExW (in: hKey=0x5a4, lpValueName="TZI", lpReserved=0x0, lpType=0x4fe2c4, lpData=0x26275a4, lpcbData=0x4fe2c0*=0x2c | out: lpType=0x4fe2c4*=0x3, lpData=0x26275a4*, lpcbData=0x4fe2c0*=0x2c) returned 0x0 [0199.536] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Central European Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0fc | out: phkResult=0x4fe0fc*=0x0) returned 0x2 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x20) returned 0x0 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x4fe29c, lpData=0x26279f4, lpcbData=0x4fe298*=0x20 | out: lpType=0x4fe29c*=0x1, lpData="@tzres.dll,-290", lpcbData=0x4fe298*=0x20) returned 0x0 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x20) returned 0x0 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x4fe29c, lpData=0x2627a4c, lpcbData=0x4fe298*=0x20 | out: lpType=0x4fe29c*=0x1, lpData="@tzres.dll,-292", lpcbData=0x4fe298*=0x20) returned 0x0 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x20) returned 0x0 [0199.537] RegQueryValueExW (in: hKey=0x5a4, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x4fe29c, lpData=0x2627aa4, lpcbData=0x4fe298*=0x20 | out: lpType=0x4fe29c*=0x1, lpData="@tzres.dll,-291", lpcbData=0x4fe298*=0x20) returned 0x0 [0199.545] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.545] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x828600 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0199.632] CoTaskMemFree (pv=0x828600) [0199.633] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.633] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath=0x828600, pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0 | out: pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath="", pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0) returned 0 [0199.636] CoTaskMemFree (pv=0x0) [0199.636] CoTaskMemFree (pv=0x828600) [0199.636] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.636] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x828600 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0199.636] CoTaskMemFree (pv=0x828600) [0199.636] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.636] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath=0x828600, pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0 | out: pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath="", pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0) returned 0 [0199.638] CoTaskMemFree (pv=0x0) [0199.638] CoTaskMemFree (pv=0x828600) [0199.638] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.638] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x828600 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0199.638] CoTaskMemFree (pv=0x828600) [0199.638] CoTaskMemAlloc (cb=0x20c) returned 0x828600 [0199.638] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath=0x828600, pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0 | out: pwszLanguage=0x0, pcchLanguage=0x4fe2b8, pwszFileMUIPath="", pcchFileMUIPath=0x4fe2bc, pululEnumerator=0x4fe2b0) returned 0 [0199.640] CoTaskMemFree (pv=0x0) [0199.640] CoTaskMemFree (pv=0x828600) [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Display", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x5a) returned 0x0 [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Display", lpReserved=0x0, lpType=0x4fe29c, lpData=0x262943c, lpcbData=0x4fe298*=0x5a | out: lpType=0x4fe29c*=0x1, lpData="(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb", lpcbData=0x4fe298*=0x5a) returned 0x0 [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Std", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x3e) returned 0x0 [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Std", lpReserved=0x0, lpType=0x4fe29c, lpData=0x262950c, lpcbData=0x4fe298*=0x3e | out: lpType=0x4fe29c*=0x1, lpData="Central European Standard Time", lpcbData=0x4fe298*=0x3e) returned 0x0 [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Dlt", lpReserved=0x0, lpType=0x4fe29c, lpData=0x0, lpcbData=0x4fe298*=0x0 | out: lpType=0x4fe29c*=0x1, lpData=0x0, lpcbData=0x4fe298*=0x3e) returned 0x0 [0199.640] RegQueryValueExW (in: hKey=0x5a4, lpValueName="Dlt", lpReserved=0x0, lpType=0x4fe29c, lpData=0x26295a4, lpcbData=0x4fe298*=0x3e | out: lpType=0x4fe29c*=0x1, lpData="Central European Daylight Time", lpcbData=0x4fe298*=0x3e) returned 0x0 [0199.641] RegCloseKey (hKey=0x5a4) returned 0x0 [0199.641] SetEvent (hEvent=0x3cc) returned 1 [0199.654] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x4fe4c4 | out: pFixedInfo=0x0, pOutBufLen=0x4fe4c4) returned 0x6f [0200.005] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x828600 [0200.005] GetNetworkParams (in: pFixedInfo=0x828600, pOutBufLen=0x4fe4c4 | out: pFixedInfo=0x828600, pOutBufLen=0x4fe4c4) returned 0x0 [0200.087] LocalFree (hMem=0x828600) returned 0x0 [0200.091] CoTaskMemAlloc (cb=0x20c) returned 0x835790 [0200.091] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x835790, nSize=0x104 | out: lpBuffer="") returned 0x0 [0200.091] CoTaskMemFree (pv=0x835790) [0200.091] CoTaskMemAlloc (cb=0x20c) returned 0x835790 [0200.091] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x835790, nSize=0x104 | out: lpBuffer="") returned 0x0 [0200.091] CoTaskMemFree (pv=0x835790) [0200.133] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x600 [0200.137] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5c8 [0200.140] GetAddrInfoW (in: pNodeName="github.com", pServiceName=0x0, pHints=0x4fe3a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x4fe348 | out: ppResult=0x4fe348*=0x810df8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="github.com", ai_addr=0x833120*(sa_family=2, sin_port=0x0, sin_addr="140.82.121.3"), ai_next=0x0)) returned 0 [0200.276] FreeAddrInfoW (pAddrInfo=0x810df8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="github.com", ai_addr=0x833120*(sa_family=2, sin_port=0x0, sin_addr="140.82.121.3"), ai_next=0x0)) [0200.277] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x57c [0200.278] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x61c [0200.278] ioctlsocket (in: s=0x57c, cmd=-2147195266, argp=0x4fe378 | out: argp=0x4fe378) returned 0 [0200.278] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x620 [0200.279] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x624 [0200.279] ioctlsocket (in: s=0x620, cmd=-2147195266, argp=0x4fe378 | out: argp=0x4fe378) returned 0 [0200.279] WSAIoctl (in: s=0x57c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x4fe360, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x4fe360, lpOverlapped=0x0) returned -1 [0200.279] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x4fe090, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0200.279] WSAEventSelect (s=0x57c, hEventObject=0x61c, lNetworkEvents=512) returned 0 [0200.322] WSAIoctl (in: s=0x620, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x4fe360, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x4fe360, lpOverlapped=0x0) returned -1 [0200.322] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x4fe090, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0200.322] WSAEventSelect (s=0x620, hEventObject=0x624, lNetworkEvents=512) returned 0 [0200.323] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x4fe35c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x4fe35c*=0x3fff) returned 0x6f [0200.330] LocalAlloc (uFlags=0x0, uBytes=0x3fff) returned 0x83a9d0 [0200.330] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x83a9d0, SizePointer=0x4fe35c*=0x3fff | out: AdapterAddresses=0x83a9d0*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x83ac78, AdapterName="{4CF1065B-D84E-418E-BA85-C567B0CB4A2F}", FirstUnicastAddress=0x83abec, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x0, [1]=0x30, [2]=0x24, [3]=0x44, [4]=0x85, [5]=0x2e, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x19, Ipv6Metric=0x19, Luid.Value=0x6008001000000, Luid.Info.Reserved=0x6008001000000, Luid.Info.NetLuidIndex=0x6008001000000, Luid.Info.IfType=0x6008001000000, Dhcpv4Server.lpSockaddr=0x83ab48*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11edae4e88edbb0c, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x2b, [5]=0x80, [6]=0x6f, [7]=0x77, [8]=0x0, [9]=0x19, [10]=0x8b, [11]=0x9e, [12]=0xe5, [13]=0x6c, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x600198b, FirstDnsSuffix=0x0), SizePointer=0x4fe35c*=0x3fff) returned 0x0 [0200.351] LocalFree (hMem=0x83a9d0) returned 0x0 [0200.353] WSAConnect (in: s=0x600, name=0x26317cc*(sa_family=2, sin_port=0x1bb, sin_addr="140.82.121.3"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0200.365] closesocket (s=0x5c8) returned 0 [0200.414] EnumerateSecurityPackagesW (in: pcPackages=0x4fe2cc, ppPackageInfo=0x4fe260 | out: pcPackages=0x4fe2cc, ppPackageInfo=0x4fe260) returned 0x0 [0200.458] FreeContextBuffer (in: pvContextBuffer=0x83f9e0 | out: pvContextBuffer=0x83f9e0) returned 0x0 [0200.469] GetCurrentProcess () returned 0xffffffff [0200.469] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x4fe088 | out: TokenHandle=0x4fe088*=0x638) returned 1 [0200.471] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x263290c, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x4fe0dc, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x263403c, ptsExpiry=0x4fe060 | out: phCredential=0x263403c, ptsExpiry=0x4fe060) returned 0x0 [0200.491] CloseHandle (hObject=0x638) returned 1 [0200.495] InitializeSecurityContextW (in: phCredential=0x4fe0ac, phContext=0x0, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x26341d8, pfContextAttr=0x26328d0, ptsExpiry=0x4fe0a4 | out: phNewContext=0x2634240, pOutput=0x26341d8, pfContextAttr=0x26328d0, ptsExpiry=0x4fe0a4) returned 0x90312 [0200.496] FreeContextBuffer (in: pvContextBuffer=0x843450 | out: pvContextBuffer=0x843450) returned 0x0 [0200.502] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0200.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x4fe0ec, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompat\x8bãmiû¹}\x84þ´o4éO", lpUsedDefaultChar=0x0) returned 21 [0200.502] GetProcAddress (hModule=0x75ce0000, lpProcName="AppPolicyGetClrCompat") returned 0x7767ba00 [0200.726] AppPolicyGetClrCompat () returned 0x0 [0200.729] send (s=0x600, buf=0x2634254*, len=172, flags=0) returned 172 [0200.732] recv (in: s=0x600, buf=0x2634254, len=5, flags=0 | out: buf=0x2634254*) returned 5 [0200.740] recv (in: s=0x600, buf=0x2634259, len=65, flags=0 | out: buf=0x2634259*) returned 65 [0200.741] InitializeSecurityContextW (in: phCredential=0x4fe008, phContext=0x4fdff8, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26345f0, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x2634604, pfContextAttr=0x26328d0, ptsExpiry=0x4fe000 | out: phNewContext=0x2634240, pOutput=0x2634604, pfContextAttr=0x26328d0, ptsExpiry=0x4fe000) returned 0x90312 [0200.743] recv (in: s=0x600, buf=0x2634694, len=5, flags=0 | out: buf=0x2634694*) returned 5 [0200.744] recv (in: s=0x600, buf=0x26346b9, len=3130, flags=0 | out: buf=0x26346b9*) returned 3130 [0200.744] InitializeSecurityContextW (in: phCredential=0x4fdf68, phContext=0x4fdf58, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2635364, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x2635378, pfContextAttr=0x26328d0, ptsExpiry=0x4fdf60 | out: phNewContext=0x2634240, pOutput=0x2635378, pfContextAttr=0x26328d0, ptsExpiry=0x4fdf60) returned 0x90312 [0200.746] recv (in: s=0x600, buf=0x2635408, len=5, flags=0 | out: buf=0x2635408*) returned 5 [0200.746] recv (in: s=0x600, buf=0x2635421, len=115, flags=0 | out: buf=0x2635421*) returned 115 [0200.746] InitializeSecurityContextW (in: phCredential=0x4fdec8, phContext=0x4fdeb8, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2635504, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x2635518, pfContextAttr=0x26328d0, ptsExpiry=0x4fdec0 | out: phNewContext=0x2634240, pOutput=0x2635518, pfContextAttr=0x26328d0, ptsExpiry=0x4fdec0) returned 0x90312 [0200.747] recv (in: s=0x600, buf=0x26355a8, len=5, flags=0 | out: buf=0x26355a8*) returned 5 [0200.747] recv (in: s=0x600, buf=0x26355c1, len=4, flags=0 | out: buf=0x26355c1*) returned 4 [0200.747] InitializeSecurityContextW (in: phCredential=0x4fde28, phContext=0x4fde18, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2635638, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x263564c, pfContextAttr=0x26328d0, ptsExpiry=0x4fde20 | out: phNewContext=0x2634240, pOutput=0x263564c, pfContextAttr=0x26328d0, ptsExpiry=0x4fde20) returned 0x90312 [0200.939] FreeContextBuffer (in: pvContextBuffer=0x824170 | out: pvContextBuffer=0x824170) returned 0x0 [0200.939] send (s=0x600, buf=0x26356c8*, len=93, flags=0) returned 93 [0200.940] recv (in: s=0x600, buf=0x26356c8, len=5, flags=0 | out: buf=0x26356c8*) returned 5 [0200.948] recv (in: s=0x600, buf=0x26356cd, len=1, flags=0 | out: buf=0x26356cd*) returned 1 [0200.949] InitializeSecurityContextW (in: phCredential=0x4fdd88, phContext=0x4fdd78, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26357ac, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x26357c0, pfContextAttr=0x26328d0, ptsExpiry=0x4fdd80 | out: phNewContext=0x2634240, pOutput=0x26357c0, pfContextAttr=0x26328d0, ptsExpiry=0x4fdd80) returned 0x90312 [0200.949] recv (in: s=0x600, buf=0x2635850, len=5, flags=0 | out: buf=0x2635850*) returned 5 [0200.949] recv (in: s=0x600, buf=0x2635869, len=40, flags=0 | out: buf=0x2635869*) returned 40 [0200.949] InitializeSecurityContextW (in: phCredential=0x4fdce8, phContext=0x4fdcd8, pTargetName=0x26318b8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2635904, Reserved2=0x0, phNewContext=0x2634240, pOutput=0x2635918, pfContextAttr=0x26328d0, ptsExpiry=0x4fdce0 | out: phNewContext=0x2634240, pOutput=0x2635918, pfContextAttr=0x26328d0, ptsExpiry=0x4fdce0) returned 0x0 [0201.080] QueryContextAttributesW (in: phContext=0x2634240, ulAttribute=0x4, pBuffer=0x26359c4 | out: pBuffer=0x26359c4) returned 0x0 [0201.080] QueryContextAttributesW (in: phContext=0x2634240, ulAttribute=0x5a, pBuffer=0x2635a1c | out: pBuffer=0x2635a1c) returned 0x0 [0201.105] QueryContextAttributesW (in: phContext=0x2634240, ulAttribute=0x53, pBuffer=0x2635ac8 | out: pBuffer=0x2635ac8) returned 0x0 [0201.141] CertDuplicateCertificateContext (pCertContext=0x841888) returned 0x841888 [0201.143] CertDuplicateStore (hCertStore=0x823f90) returned 0x823f90 [0201.143] CertEnumCertificatesInStore (hCertStore=0x823f90, pPrevCertContext=0x0) returned 0x841b58 [0201.144] CertDuplicateCertificateContext (pCertContext=0x841b58) returned 0x841b58 [0201.144] CertEnumCertificatesInStore (hCertStore=0x823f90, pPrevCertContext=0x841b58) returned 0x841748 [0201.145] CertDuplicateCertificateContext (pCertContext=0x841748) returned 0x841748 [0201.145] CertEnumCertificatesInStore (hCertStore=0x823f90, pPrevCertContext=0x841748) returned 0x841888 [0201.145] CertDuplicateCertificateContext (pCertContext=0x841888) returned 0x841888 [0201.145] CertEnumCertificatesInStore (hCertStore=0x823f90, pPrevCertContext=0x841888) returned 0x0 [0201.145] CertCloseStore (hCertStore=0x823f90, dwFlags=0x0) returned 1 [0201.145] CertFreeCRLContext (pCrlContext=0x841888) returned 1 [0201.150] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x824260 [0201.155] CertAddCRLLinkToStore (in: hCertStore=0x824260, pCrlContext=0x841b58, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0201.157] CertAddCRLLinkToStore (in: hCertStore=0x824260, pCrlContext=0x841748, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0201.157] CertAddCRLLinkToStore (in: hCertStore=0x824260, pCrlContext=0x841888, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0201.159] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x82eeb0 [0201.165] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x841888, pTime=0x4fdcf4, hAdditionalStore=0x824260, pChainPara=0x4fdc34, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x4fdc28 | out: ppChainContext=0x4fdc28) returned 1 [0201.185] LocalFree (hMem=0x82eeb0) returned 0x0 [0201.186] CertDuplicateCertificateChain (pChainContext=0x82e8d8) returned 0x82e8d8 [0201.188] CertDuplicateCertificateContext (pCertContext=0x841888) returned 0x841888 [0201.188] CertDuplicateCertificateContext (pCertContext=0x841478) returned 0x841478 [0201.189] CertDuplicateCertificateContext (pCertContext=0x841518) returned 0x841518 [0201.189] CertDuplicateCertificateContext (pCertContext=0x841658) returned 0x841658 [0201.189] CertFreeCertificateChain (pChainContext=0x82e8d8) [0201.190] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x82e8d8, pPolicyPara=0x4fddd4, pPolicyStatus=0x4fddc0 | out: pPolicyStatus=0x4fddc0) returned 1 [0201.191] SetLastError (dwErrCode=0x0) [0201.194] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x82e8d8, pPolicyPara=0x4fde34, pPolicyStatus=0x4fdde8 | out: pPolicyStatus=0x4fdde8) returned 1 [0201.209] CertFreeCertificateChain (pChainContext=0x82e8d8) [0201.209] CertFreeCRLContext (pCrlContext=0x841888) returned 1 [0201.213] CoTaskMemAlloc (cb=0x20c) returned 0x82e8d8 [0201.213] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x82e8d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.213] CoTaskMemFree (pv=0x82e8d8) [0201.213] CoTaskMemAlloc (cb=0x20c) returned 0x82e8d8 [0201.213] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x82e8d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.213] CoTaskMemFree (pv=0x82e8d8) [0201.213] CoTaskMemAlloc (cb=0x20c) returned 0x82e8d8 [0201.213] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x82e8d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.213] CoTaskMemFree (pv=0x82e8d8) [0201.213] CoTaskMemAlloc (cb=0x20c) returned 0x82e8d8 [0201.213] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x82e8d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.213] CoTaskMemFree (pv=0x82e8d8) [0201.215] EncryptMessage (in: phContext=0x2634240, fQOP=0x0, pMessage=0x263db94, MessageSeqNo=0x0 | out: pMessage=0x263db94) returned 0x0 [0201.215] send (s=0x600, buf=0x263c66c*, len=139, flags=0) returned 139 [0201.220] setsockopt (s=0x600, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0201.223] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.224] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.225] DecryptMessage (in: phContext=0x2634240, pMessage=0x264df94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x264df94, pfQOP=0x0) returned 0x0 [0201.231] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.231] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.231] DecryptMessage (in: phContext=0x2634240, pMessage=0x264ffd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x264ffd4, pfQOP=0x0) returned 0x0 [0201.232] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.232] recv (in: s=0x600, buf=0x2649ed9, len=773, flags=0 | out: buf=0x2649ed9*) returned 773 [0201.232] DecryptMessage (in: phContext=0x2634240, pMessage=0x26500e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26500e8, pfQOP=0x0) returned 0x0 [0201.236] SetEvent (hEvent=0x3cc) returned 1 [0201.240] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc24*=0x4e0, lpdwindex=0x4fda68 | out: lpdwindex=0x4fda68) returned 0x80010115 [0201.251] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc04*=0x4d0, lpdwindex=0x4fda48 | out: lpdwindex=0x4fda48) returned 0x80010115 [0201.251] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc04*=0x4d8, lpdwindex=0x4fda48 | out: lpdwindex=0x4fda48) returned 0x80010115 [0201.252] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc54*=0x500, lpdwindex=0x4fda98 | out: lpdwindex=0x4fda98) returned 0x80010115 [0201.252] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc54*=0x508, lpdwindex=0x4fda98 | out: lpdwindex=0x4fda98) returned 0x80010115 [0201.252] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc54*=0x510, lpdwindex=0x4fda98 | out: lpdwindex=0x4fda98) returned 0x80010115 [0201.256] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x4fe208 | out: UnbiasedTime=0x4fe208) returned 1 [0201.265] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x4fe1f8 | out: UnbiasedTime=0x4fe1f8) returned 1 [0201.270] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x714 [0201.271] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x734 [0201.272] GetAddrInfoW (in: pNodeName="raw.githubusercontent.com", pServiceName=0x0, pHints=0x4fe3a0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x4fe348 | out: ppResult=0x4fe348*=0x83af58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="raw.githubusercontent.com", ai_addr=0x8339a8*(sa_family=2, sin_port=0x0, sin_addr="185.199.110.133"), ai_next=0x83b098*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833a20*(sa_family=2, sin_port=0x0, sin_addr="185.199.111.133"), ai_next=0x83b890*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833a38*(sa_family=2, sin_port=0x0, sin_addr="185.199.108.133"), ai_next=0x83b598*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833ae0*(sa_family=2, sin_port=0x0, sin_addr="185.199.109.133"), ai_next=0x0))))) returned 0 [0201.281] FreeAddrInfoW (pAddrInfo=0x83af58*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="raw.githubusercontent.com", ai_addr=0x8339a8*(sa_family=2, sin_port=0x0, sin_addr="185.199.110.133"), ai_next=0x83b098*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833a20*(sa_family=2, sin_port=0x0, sin_addr="185.199.111.133"), ai_next=0x83b890*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833a38*(sa_family=2, sin_port=0x0, sin_addr="185.199.108.133"), ai_next=0x83b598*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x833ae0*(sa_family=2, sin_port=0x0, sin_addr="185.199.109.133"), ai_next=0x0))))) [0201.281] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdd24*=0x61c, lpdwindex=0x4fdb68 | out: lpdwindex=0x4fdb68) returned 0x80010115 [0201.282] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdd24*=0x624, lpdwindex=0x4fdb68 | out: lpdwindex=0x4fdb68) returned 0x80010115 [0201.282] WSAConnect (in: s=0x714, name=0x2663d78*(sa_family=2, sin_port=0x1bb, sin_addr="185.199.110.133"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0201.292] closesocket (s=0x734) returned 0 [0201.293] InitializeSecurityContextW (in: phCredential=0x4fe0ac, phContext=0x0, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x266437c, pfContextAttr=0x2664280, ptsExpiry=0x4fe0a4 | out: phNewContext=0x26643e4, pOutput=0x266437c, pfContextAttr=0x2664280, ptsExpiry=0x4fe0a4) returned 0x90312 [0201.294] FreeContextBuffer (in: pvContextBuffer=0x83a0c0 | out: pvContextBuffer=0x83a0c0) returned 0x0 [0201.294] send (s=0x714, buf=0x26643f8*, len=187, flags=0) returned 187 [0201.295] recv (in: s=0x714, buf=0x26643f8, len=5, flags=0 | out: buf=0x26643f8*) returned 5 [0201.304] recv (in: s=0x714, buf=0x26643fd, len=67, flags=0 | out: buf=0x26643fd*) returned 67 [0201.305] InitializeSecurityContextW (in: phCredential=0x4fe008, phContext=0x4fdff8, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2664538, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x266454c, pfContextAttr=0x2664280, ptsExpiry=0x4fe000 | out: phNewContext=0x26643e4, pOutput=0x266454c, pfContextAttr=0x2664280, ptsExpiry=0x4fe000) returned 0x90312 [0201.305] recv (in: s=0x714, buf=0x26645dc, len=5, flags=0 | out: buf=0x26645dc*) returned 5 [0201.305] recv (in: s=0x714, buf=0x26645f5, len=3094, flags=0 | out: buf=0x26645f5*) returned 3094 [0201.306] InitializeSecurityContextW (in: phCredential=0x4fdf68, phContext=0x4fdf58, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x266527c, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x2665290, pfContextAttr=0x2664280, ptsExpiry=0x4fdf60 | out: phNewContext=0x26643e4, pOutput=0x2665290, pfContextAttr=0x2664280, ptsExpiry=0x4fdf60) returned 0x90312 [0201.306] recv (in: s=0x714, buf=0x2665320, len=5, flags=0 | out: buf=0x2665320*) returned 5 [0201.307] recv (in: s=0x714, buf=0x2665339, len=300, flags=0 | out: buf=0x2665339*) returned 300 [0201.307] InitializeSecurityContextW (in: phCredential=0x4fdec8, phContext=0x4fdeb8, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x26654d8, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x26654ec, pfContextAttr=0x2664280, ptsExpiry=0x4fdec0 | out: phNewContext=0x26643e4, pOutput=0x26654ec, pfContextAttr=0x2664280, ptsExpiry=0x4fdec0) returned 0x90312 [0201.307] recv (in: s=0x714, buf=0x266557c, len=5, flags=0 | out: buf=0x266557c*) returned 5 [0201.307] recv (in: s=0x714, buf=0x2665595, len=4, flags=0 | out: buf=0x2665595*) returned 4 [0201.308] InitializeSecurityContextW (in: phCredential=0x4fde28, phContext=0x4fde18, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x266560c, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x2665620, pfContextAttr=0x2664280, ptsExpiry=0x4fde20 | out: phNewContext=0x26643e4, pOutput=0x2665620, pfContextAttr=0x2664280, ptsExpiry=0x4fde20) returned 0x90312 [0201.360] FreeContextBuffer (in: pvContextBuffer=0x84c940 | out: pvContextBuffer=0x84c940) returned 0x0 [0201.360] send (s=0x714, buf=0x266569c*, len=93, flags=0) returned 93 [0201.361] recv (in: s=0x714, buf=0x266569c, len=5, flags=0 | out: buf=0x266569c*) returned 5 [0201.370] recv (in: s=0x714, buf=0x2665721, len=202, flags=0 | out: buf=0x2665721*) returned 202 [0201.370] InitializeSecurityContextW (in: phCredential=0x4fdd88, phContext=0x4fdd78, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x266585c, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x2665870, pfContextAttr=0x2664280, ptsExpiry=0x4fdd80 | out: phNewContext=0x26643e4, pOutput=0x2665870, pfContextAttr=0x2664280, ptsExpiry=0x4fdd80) returned 0x90312 [0201.371] recv (in: s=0x714, buf=0x2665900, len=5, flags=0 | out: buf=0x2665900*) returned 5 [0201.371] recv (in: s=0x714, buf=0x2665919, len=1, flags=0 | out: buf=0x2665919*) returned 1 [0201.371] InitializeSecurityContextW (in: phCredential=0x4fdce8, phContext=0x4fdcd8, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x266598c, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x26659a0, pfContextAttr=0x2664280, ptsExpiry=0x4fdce0 | out: phNewContext=0x26643e4, pOutput=0x26659a0, pfContextAttr=0x2664280, ptsExpiry=0x4fdce0) returned 0x90312 [0201.371] recv (in: s=0x714, buf=0x2665a30, len=5, flags=0 | out: buf=0x2665a30*) returned 5 [0201.371] recv (in: s=0x714, buf=0x2665a49, len=40, flags=0 | out: buf=0x2665a49*) returned 40 [0201.372] InitializeSecurityContextW (in: phCredential=0x4fdc48, phContext=0x4fdc38, pTargetName=0x2663ddc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2665ae4, Reserved2=0x0, phNewContext=0x26643e4, pOutput=0x2665af8, pfContextAttr=0x2664280, ptsExpiry=0x4fdc40 | out: phNewContext=0x26643e4, pOutput=0x2665af8, pfContextAttr=0x2664280, ptsExpiry=0x4fdc40) returned 0x0 [0201.375] QueryContextAttributesW (in: phContext=0x26643e4, ulAttribute=0x4, pBuffer=0x2665b88 | out: pBuffer=0x2665b88) returned 0x0 [0201.375] QueryContextAttributesW (in: phContext=0x26643e4, ulAttribute=0x5a, pBuffer=0x2665bc4 | out: pBuffer=0x2665bc4) returned 0x0 [0201.375] QueryContextAttributesW (in: phContext=0x26643e4, ulAttribute=0x53, pBuffer=0x2665c10 | out: pBuffer=0x2665c10) returned 0x0 [0201.375] CertDuplicateCertificateContext (pCertContext=0x841d38) returned 0x841d38 [0201.376] CertDuplicateStore (hCertStore=0x84d138) returned 0x84d138 [0201.376] CertEnumCertificatesInStore (hCertStore=0x84d138, pPrevCertContext=0x0) returned 0x841798 [0201.377] CertDuplicateCertificateContext (pCertContext=0x841798) returned 0x841798 [0201.377] CertEnumCertificatesInStore (hCertStore=0x84d138, pPrevCertContext=0x841798) returned 0x841d38 [0201.377] CertDuplicateCertificateContext (pCertContext=0x841d38) returned 0x841d38 [0201.377] CertEnumCertificatesInStore (hCertStore=0x84d138, pPrevCertContext=0x841d38) returned 0x0 [0201.377] CertCloseStore (hCertStore=0x84d138, dwFlags=0x0) returned 1 [0201.377] CertFreeCRLContext (pCrlContext=0x841d38) returned 1 [0201.379] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x84d1b0 [0201.379] CertAddCRLLinkToStore (in: hCertStore=0x84d1b0, pCrlContext=0x841798, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0201.379] CertAddCRLLinkToStore (in: hCertStore=0x84d1b0, pCrlContext=0x841d38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0201.380] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x83d490 [0201.380] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x841d38, pTime=0x4fdc54, hAdditionalStore=0x84d1b0, pChainPara=0x4fdb94, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x4fdb88 | out: ppChainContext=0x4fdb88) returned 1 [0201.384] LocalFree (hMem=0x83d490) returned 0x0 [0201.384] CertDuplicateCertificateChain (pChainContext=0x85a4e0) returned 0x85a4e0 [0201.385] CertDuplicateCertificateContext (pCertContext=0x841d38) returned 0x841d38 [0201.385] CertDuplicateCertificateContext (pCertContext=0x8414c8) returned 0x8414c8 [0201.386] CertDuplicateCertificateContext (pCertContext=0x8417e8) returned 0x8417e8 [0201.386] CertFreeCertificateChain (pChainContext=0x85a4e0) [0201.386] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x85a4e0, pPolicyPara=0x4fdd34, pPolicyStatus=0x4fdd20 | out: pPolicyStatus=0x4fdd20) returned 1 [0201.386] SetLastError (dwErrCode=0x0) [0201.386] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x85a4e0, pPolicyPara=0x4fdd94, pPolicyStatus=0x4fdd48 | out: pPolicyStatus=0x4fdd48) returned 1 [0201.386] CertFreeCertificateChain (pChainContext=0x85a4e0) [0201.387] CertFreeCRLContext (pCrlContext=0x841d38) returned 1 [0201.391] EncryptMessage (in: phContext=0x26643e4, fQOP=0x0, pMessage=0x267b934, MessageSeqNo=0x0 | out: pMessage=0x267b934) returned 0x0 [0201.391] send (s=0x714, buf=0x263b248*, len=150, flags=0) returned 150 [0201.393] setsockopt (s=0x714, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0201.403] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.524] recv (in: s=0x714, buf=0x2645e95, len=928, flags=0 | out: buf=0x2645e95*) returned 928 [0201.524] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26bbf14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26bbf14, pfQOP=0x0) returned 0x0 [0201.529] setsockopt (s=0x714, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0201.529] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.529] recv (in: s=0x714, buf=0x2645e95, len=29, flags=0 | out: buf=0x2645e95*) returned 29 [0201.529] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26bd558, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26bd558, pfQOP=0x0) returned 0x0 [0201.535] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe668 | out: lpPerformanceCount=0x4fe668*=2733928816787) returned 1 [0201.535] SetEvent (hEvent=0x3cc) returned 1 [0201.535] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdea4*=0x4e0, lpdwindex=0x4fdce8 | out: lpdwindex=0x4fdce8) returned 0x80010115 [0201.536] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d0, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0201.536] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d8, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0201.537] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x500, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.537] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x508, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.537] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x510, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.540] select (in: nfds=0, readfds=0x26be164, writefds=0x0, exceptfds=0x0, timeout=0x4fe51c*(tv_sec=0, tv_usec=0) | out: readfds=0x26be164, writefds=0x0, exceptfds=0x0) returned 0 [0201.541] EncryptMessage (in: phContext=0x2634240, fQOP=0x0, pMessage=0x26be3fc, MessageSeqNo=0x0 | out: pMessage=0x26be3fc) returned 0x0 [0201.541] send (s=0x600, buf=0x263c66c*, len=117, flags=0) returned 117 [0201.541] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.552] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.552] DecryptMessage (in: phContext=0x2634240, pMessage=0x26be510, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26be510, pfQOP=0x0) returned 0x0 [0201.552] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.552] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.552] DecryptMessage (in: phContext=0x2634240, pMessage=0x26bef80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26bef80, pfQOP=0x0) returned 0x0 [0201.552] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.552] recv (in: s=0x600, buf=0x2649ed9, len=775, flags=0 | out: buf=0x2649ed9*) returned 775 [0201.552] DecryptMessage (in: phContext=0x2634240, pMessage=0x26bf094, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26bf094, pfQOP=0x0) returned 0x0 [0201.553] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdcb4*=0x4e0, lpdwindex=0x4fdaf8 | out: lpdwindex=0x4fdaf8) returned 0x80010115 [0201.554] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc94*=0x4d0, lpdwindex=0x4fdad8 | out: lpdwindex=0x4fdad8) returned 0x80010115 [0201.554] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc94*=0x4d8, lpdwindex=0x4fdad8 | out: lpdwindex=0x4fdad8) returned 0x80010115 [0201.555] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x500, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.555] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x508, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.555] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x510, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.556] select (in: nfds=0, readfds=0x26c1238, writefds=0x0, exceptfds=0x0, timeout=0x4fe51c*(tv_sec=0, tv_usec=0) | out: readfds=0x26c1238, writefds=0x0, exceptfds=0x0) returned 0 [0201.556] EncryptMessage (in: phContext=0x26643e4, fQOP=0x0, pMessage=0x26c153c, MessageSeqNo=0x0 | out: pMessage=0x26c153c) returned 0x0 [0201.556] send (s=0x714, buf=0x263b248*, len=128, flags=0) returned 128 [0201.556] setsockopt (s=0x714, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0201.556] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.566] recv (in: s=0x714, buf=0x2645e95, len=928, flags=0 | out: buf=0x2645e95*) returned 928 [0201.566] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26c1664, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c1664, pfQOP=0x0) returned 0x0 [0201.567] setsockopt (s=0x714, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0201.567] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.567] recv (in: s=0x714, buf=0x2645e95, len=29, flags=0 | out: buf=0x2645e95*) returned 29 [0201.568] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26c2c1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c2c1c, pfQOP=0x0) returned 0x0 [0201.568] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe668 | out: lpPerformanceCount=0x4fe668*=2733932100896) returned 1 [0201.568] SetEvent (hEvent=0x3cc) returned 1 [0201.568] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdea4*=0x4e0, lpdwindex=0x4fdce8 | out: lpdwindex=0x4fdce8) returned 0x80010115 [0201.569] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d0, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0201.569] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fde84*=0x4d8, lpdwindex=0x4fdcc8 | out: lpdwindex=0x4fdcc8) returned 0x80010115 [0201.569] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x500, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.570] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x508, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.570] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fded4*=0x510, lpdwindex=0x4fdd18 | out: lpdwindex=0x4fdd18) returned 0x80010115 [0201.570] select (in: nfds=0, readfds=0x26c3750, writefds=0x0, exceptfds=0x0, timeout=0x4fe51c*(tv_sec=0, tv_usec=0) | out: readfds=0x26c3750, writefds=0x0, exceptfds=0x0) returned 0 [0201.571] EncryptMessage (in: phContext=0x2634240, fQOP=0x0, pMessage=0x26c39c4, MessageSeqNo=0x0 | out: pMessage=0x26c39c4) returned 0x0 [0201.571] send (s=0x600, buf=0x263c66c*, len=105, flags=0) returned 105 [0201.571] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.579] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.580] DecryptMessage (in: phContext=0x2634240, pMessage=0x26c3aec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c3aec, pfQOP=0x0) returned 0x0 [0201.580] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.580] recv (in: s=0x600, buf=0x2649ed9, len=1394, flags=0 | out: buf=0x2649ed9*) returned 1394 [0201.580] DecryptMessage (in: phContext=0x2634240, pMessage=0x26c4550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c4550, pfQOP=0x0) returned 0x0 [0201.581] recv (in: s=0x600, buf=0x2649ed4, len=5, flags=0 | out: buf=0x2649ed4*) returned 5 [0201.581] recv (in: s=0x600, buf=0x2649ed9, len=763, flags=0 | out: buf=0x2649ed9*) returned 763 [0201.581] DecryptMessage (in: phContext=0x2634240, pMessage=0x26c4664, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c4664, pfQOP=0x0) returned 0x0 [0201.582] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdcb4*=0x4e0, lpdwindex=0x4fdaf8 | out: lpdwindex=0x4fdaf8) returned 0x80010115 [0201.582] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc94*=0x4d0, lpdwindex=0x4fdad8 | out: lpdwindex=0x4fdad8) returned 0x80010115 [0201.582] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdc94*=0x4d8, lpdwindex=0x4fdad8 | out: lpdwindex=0x4fdad8) returned 0x80010115 [0201.583] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x500, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.583] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x508, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.584] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdce4*=0x510, lpdwindex=0x4fdb28 | out: lpdwindex=0x4fdb28) returned 0x80010115 [0201.584] select (in: nfds=0, readfds=0x26c67c0, writefds=0x0, exceptfds=0x0, timeout=0x4fe51c*(tv_sec=0, tv_usec=0) | out: readfds=0x26c67c0, writefds=0x0, exceptfds=0x0) returned 0 [0201.584] EncryptMessage (in: phContext=0x26643e4, fQOP=0x0, pMessage=0x26c6aac, MessageSeqNo=0x0 | out: pMessage=0x26c6aac) returned 0x0 [0201.584] send (s=0x714, buf=0x263b248*, len=116, flags=0) returned 116 [0201.585] setsockopt (s=0x714, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0201.585] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.710] recv (in: s=0x714, buf=0x2645e95, len=929, flags=0 | out: buf=0x2645e95*) returned 929 [0201.710] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26c6bc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c6bc0, pfQOP=0x0) returned 0x0 [0201.710] setsockopt (s=0x714, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0201.710] recv (in: s=0x714, buf=0x2645e90, len=5, flags=0 | out: buf=0x2645e90*) returned 5 [0201.711] recv (in: s=0x714, buf=0x2645e95, len=90, flags=0 | out: buf=0x2645e95*) returned 90 [0201.711] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26c81b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26c81b8, pfQOP=0x0) returned 0x0 [0201.712] GetUserNameW (in: lpBuffer=0x4fe4b8, pcbBuffer=0x4fe730 | out: lpBuffer="OqXZRaykm", pcbBuffer=0x4fe730) returned 1 [0201.715] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0201.715] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", nBufferLength=0x2e, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", lpFilePart=0x0) returned 0x2d [0201.716] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4fe608) returned 1 [0201.716] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x734 [0201.717] GetFileType (hFile=0x734) returned 0x1 [0201.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4fe604) returned 1 [0201.717] GetFileType (hFile=0x734) returned 0x1 [0201.722] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe688 | out: lpPerformanceCount=0x4fe688*=2733947496032) returned 1 [0201.724] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdec4*=0x4e0, lpdwindex=0x4fdd08 | out: lpdwindex=0x4fdd08) returned 0x80010115 [0201.724] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdea4*=0x4d0, lpdwindex=0x4fdce8 | out: lpdwindex=0x4fdce8) returned 0x80010115 [0201.725] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdea4*=0x4d8, lpdwindex=0x4fdce8 | out: lpdwindex=0x4fdce8) returned 0x80010115 [0201.725] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdef4*=0x500, lpdwindex=0x4fdd38 | out: lpdwindex=0x4fdd38) returned 0x80010115 [0201.725] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdef4*=0x508, lpdwindex=0x4fdd38 | out: lpdwindex=0x4fdd38) returned 0x80010115 [0201.726] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x4fdef4*=0x510, lpdwindex=0x4fdd38 | out: lpdwindex=0x4fdd38) returned 0x80010115 [0201.726] select (in: nfds=0, readfds=0x26c95e4, writefds=0x0, exceptfds=0x0, timeout=0x4fe53c*(tv_sec=0, tv_usec=0) | out: readfds=0x26c95e4, writefds=0x0, exceptfds=0x0) returned 0 [0201.728] EncryptMessage (in: phContext=0x2634240, fQOP=0x0, pMessage=0x26ca908, MessageSeqNo=0x0 | out: pMessage=0x26ca908) returned 0x0 [0201.736] CoTaskMemAlloc (cb=0x20c) returned 0x85edb0 [0201.736] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Threading.OverlappedData_Disabled", lpBuffer=0x85edb0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.736] CoTaskMemFree (pv=0x85edb0) [0201.736] CoTaskMemAlloc (cb=0x20c) returned 0x85edb0 [0201.736] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Threading.OverlappedData_MinCount", lpBuffer=0x85edb0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0201.736] CoTaskMemFree (pv=0x85edb0) [0201.739] EtwEventRegister (in: ProviderId=0x26cbaf0, EnableCallback=0x22e0696, CallbackContext=0x0, RegHandle=0x26cbacc | out: RegHandle=0x26cbacc) returned 0x0 [0201.739] EtwEventSetInformation (RegHandle=0x838ba8, InformationClass=0x98, EventInformation=0x2, InformationLength=0x26cba94) returned 0x0 [0201.742] WSASend (in: s=0x600, lpBuffers=0x26caa04*=((len=0x6f, buf=0x263c66c*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x4fe338, dwFlags=0x0, lpOverlapped=0x26cbd04, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x4fe338*=0x6f, lpOverlapped=0x26cbd04) returned 0 [0202.002] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0202.003] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0202.003] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0202.003] GetMessageW (in: lpMsg=0x4ff464, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x4ff464) returned 1 [0202.004] TranslateMessage (lpMsg=0x4ff464) returned 0 [0202.004] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0202.004] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0202.026] GetStockObject (i=5) returned 0x900015 [0202.026] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0202.026] CoCreateGuid (in: pguid=0x4fec24 | out: pguid=0x4fec24*(Data1=0x1ac06064, Data2=0xff2e, Data3=0x4fe8, Data4=([0]=0x8a, [1]=0x4f, [2]=0x75, [3]=0xef, [4]=0x2c, [5]=0xbd, [6]=0x99, [7]=0xd1))) returned 0x0 [0202.027] CoTaskMemAlloc (cb=0x2) returned 0x820b80 [0202.027] CoTaskMemAlloc (cb=0x82) returned 0x81e040 [0202.027] RegisterClassExW (param_1=0x4feb9c) returned 0xc1ed [0202.028] CoTaskMemFree (pv=0x820b80) [0202.028] CoTaskMemFree (pv=0x81e040) [0202.028] CreateWindowExW (dwExStyle=0xc0008, lpClassName="HwndWrapper[Installer.exe;;1ac06064-ff2e-4fe8-8a4f-75ef2cbd99d1]", lpWindowName="MainWindow", dwStyle=0x2080000, X=-2147483648, Y=-2147483648, nWidth=-2147483648, nHeight=-2147483648, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x90064 [0202.041] GetMessageTime () returned 27016875 [0202.056] GetMessageTime () returned 27016875 [0202.056] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x81, wParam=0x0, lParam=0x4fe6b8) returned 0x1 [0202.056] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x81, wParam=0x0, lParam=0x4fe6b8) returned 0x1 [0202.060] GetMessageTime () returned 27016875 [0202.060] GetMessageTime () returned 27016875 [0202.063] GetMessageTime () returned 27016875 [0202.063] GetMessageTime () returned 27016875 [0202.063] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x1, wParam=0x0, lParam=0x4fe6b8) returned 0x0 [0202.063] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x1, wParam=0x0, lParam=0x4fe6b8) returned 0x0 [0202.070] GetProcessWindowStation () returned 0x130 [0202.071] GetUserObjectInformationA (in: hObj=0x130, nIndex=1, pvInfo=0x26d15f0, nLength=0xc, lpnLengthNeeded=0x4fe4cc | out: pvInfo=0x26d15f0, lpnLengthNeeded=0x4fe4cc) returned 1 [0202.072] QueryPerformanceFrequency (in: lpFrequency=0x627aa8 | out: lpFrequency=0x627aa8*=100000000) returned 1 [0202.072] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe4e4 | out: lpPerformanceCount=0x4fe4e4*=2733982514150) returned 1 [0202.073] GetCurrentProcessId () returned 0x75c [0202.073] ProcessIdToSessionId (in: dwProcessId=0x75c, pSessionId=0x4febcc | out: pSessionId=0x4febcc) returned 1 [0202.458] WTSQuerySessionInformationW (in: hServer=0x0, SessionId=0x1, WTSInfoClass=0x8, ppBuffer=0x4febb0, pBytesReturned=0x4febac | out: ppBuffer=0x4febb0*="", pBytesReturned=0x4febac) returned 1 [0202.552] WTSFreeMemory (pMemory=0x820b80) [0202.552] GetWindowThreadProcessId (in: hWnd=0x90064, lpdwProcessId=0x4febc8 | out: lpdwProcessId=0x4febc8) returned 0x29c [0202.553] IsWindow (hWnd=0x90064) returned 1 [0202.553] GetCurrentProcessId () returned 0x75c [0202.553] GetCurrentThreadId () returned 0x29c [0202.555] GetStockObject (i=5) returned 0x900015 [0202.555] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0202.555] CoCreateGuid (in: pguid=0x4fea98 | out: pguid=0x4fea98*(Data1=0xe22e3de9, Data2=0xa3d3, Data3=0x4f9a, Data4=([0]=0xa7, [1]=0x3b, [2]=0x84, [3]=0xb6, [4]=0xe4, [5]=0x29, [6]=0xd4, [7]=0x2a))) returned 0x0 [0202.556] CoTaskMemAlloc (cb=0x2) returned 0x820cb0 [0202.556] CoTaskMemAlloc (cb=0x82) returned 0x81dc50 [0202.556] RegisterClassExW (param_1=0x4fea10) returned 0xc1ee [0202.557] CoTaskMemFree (pv=0x820cb0) [0202.557] CoTaskMemFree (pv=0x81dc50) [0202.557] CreateWindowExW (dwExStyle=0x0, lpClassName="HwndWrapper[Installer.exe;;e22e3de9-a3d3-4f9a-a73b-84b6e429d42a]", lpWindowName="", dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x90052 [0202.559] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x24, wParam=0x0, lParam=0x4fe534) returned 0x0 [0202.559] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x24, wParam=0x0, lParam=0x4fe534) returned 0x0 [0202.560] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x81, wParam=0x0, lParam=0x4fe528) returned 0x1 [0202.560] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x81, wParam=0x0, lParam=0x4fe528) returned 0x1 [0202.567] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x83, wParam=0x0, lParam=0x4fe514) returned 0x0 [0202.567] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x83, wParam=0x0, lParam=0x4fe514) returned 0x0 [0202.568] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x1, wParam=0x0, lParam=0x4fe528) returned 0x0 [0202.568] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x1, wParam=0x0, lParam=0x4fe528) returned 0x0 [0202.572] RegisterPowerSettingNotification (hRecipient=0x90052, PowerSettingGuid=0x4feb88, Flags=0x0) returned 0x841e98 [0202.693] WTSRegisterSessionNotification (hWnd=0x90064, dwFlags=0x0) returned 1 [0202.702] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0202.703] GetClientRect (in: hWnd=0x90064, lpRect=0x4febc0 | out: lpRect=0x4febc0) returned 1 [0202.703] ClientToScreen (in: hWnd=0x90064, lpPoint=0x26f1a8c | out: lpPoint=0x26f1a8c) returned 1 [0202.703] ClientToScreen (in: hWnd=0x90064, lpPoint=0x26f1a9c | out: lpPoint=0x26f1a9c) returned 1 [0202.704] GetWindowThreadProcessId (in: hWnd=0x90064, lpdwProcessId=0x4feb38 | out: lpdwProcessId=0x4feb38) returned 0x29c [0202.704] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x75c) returned 0x780 [0202.704] GetProcessDpiAwareness () returned 0x0 [0202.704] CloseHandle (hObject=0x780) returned 1 [0202.705] GetDpiForSystem () returned 0x60 [0202.706] GetWindowDpiAwarenessContext () returned 0x6011 [0202.708] AreDpiAwarenessContextsEqual () returned 0x0 [0202.708] AreDpiAwarenessContextsEqual () returned 0x0 [0202.708] AreDpiAwarenessContextsEqual () returned 0x1 [0202.712] GetDpiForWindow () returned 0x60 [0202.715] QueryPerformanceCounter (in: lpPerformanceCount=0x26f1ca0 | out: lpPerformanceCount=0x26f1ca0*=2734046836944) returned 1 [0202.716] CoCreateGuid (in: pguid=0x4feba0 | out: pguid=0x4feba0*(Data1=0xf00d0afe, Data2=0xbe95, Data3=0x4d65, Data4=([0]=0x98, [1]=0xb6, [2]=0x5d, [3]=0xe9, [4]=0x3, [5]=0x53, [6]=0x35, [7]=0x8d))) returned 0x0 [0202.717] RegisterClipboardFormatW (lpszFormat="MilChannelNotify") returned 0xc1ef [0202.717] RegisterClipboardFormatW (lpszFormat="DwmRedirectionEnvironmentChangedHint") returned 0xc1f0 [0202.719] GetStockObject (i=5) returned 0x900015 [0202.719] GetModuleHandleW (lpModuleName=0x0) returned 0x10000 [0202.720] CoCreateGuid (in: pguid=0x4feadc | out: pguid=0x4feadc*(Data1=0x859245cc, Data2=0x2d47, Data3=0x4105, Data4=([0]=0xac, [1]=0xa8, [2]=0x3f, [3]=0x69, [4]=0xce, [5]=0x33, [6]=0x55, [7]=0xe2))) returned 0x0 [0202.720] CoTaskMemAlloc (cb=0x2) returned 0x820c60 [0202.720] CoTaskMemAlloc (cb=0x82) returned 0x81dc50 [0202.720] RegisterClassExW (param_1=0x4fea54) returned 0xc1f1 [0202.720] CoTaskMemFree (pv=0x820c60) [0202.720] CoTaskMemFree (pv=0x81dc50) [0202.721] CreateWindowExW (dwExStyle=0x0, lpClassName="HwndWrapper[Installer.exe;;859245cc-2d47-4105-aca8-3f69ce3355e2]", lpWindowName="MediaContextNotificationWindow", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x0, lpParam=0x0) returned 0x601fe [0202.724] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x81, wParam=0x0, lParam=0x4fe570) returned 0x1 [0202.724] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x81, wParam=0x0, lParam=0x4fe570) returned 0x1 [0202.726] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x83, wParam=0x0, lParam=0x4fe55c) returned 0x0 [0202.726] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x83, wParam=0x0, lParam=0x4fe55c) returned 0x0 [0202.726] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x1, wParam=0x0, lParam=0x4fe570) returned 0x0 [0202.726] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x1, wParam=0x0, lParam=0x4fe570) returned 0x0 [0202.727] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0202.727] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0 [0202.728] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0202.728] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0 [0202.731] GetModuleHandleW (lpModuleName="user32.dll") returned 0x769d0000 [0202.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="ChangeWindowMessageFilter", cchWideChar=25, lpMultiByteStr=0x4feae8, cbMultiByte=27, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ChangeWindowMessageFilter{\x0bmiû¹}\x84þ´o(ôO", lpUsedDefaultChar=0x0) returned 25 [0202.732] GetProcAddress (hModule=0x769d0000, lpProcName="ChangeWindowMessageFilter") returned 0x76a0d220 [0202.736] ChangeWindowMessageFilter (message=0xc1f0, dwFlag=0x1) returned 1 [0203.497] QueryPerformanceCounter (in: lpPerformanceCount=0x4feb6c | out: lpPerformanceCount=0x4feb6c*=2734125060794) returned 1 [0203.509] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0203.510] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe980 | out: lpRect=0x4fe980) returned 1 [0203.510] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2705328 | out: lpPoint=0x2705328) returned 1 [0203.510] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2705338 | out: lpPoint=0x2705338) returned 1 [0203.511] GetMessageTime () returned 27016875 [0203.512] GetMessageTime () returned 27016875 [0203.512] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fe8f4) returned 0x0 [0203.512] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fe8f4) returned 0x0 [0203.514] GetMessageTime () returned 27016875 [0203.514] GetMessageTime () returned 27016875 [0203.514] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fe8f4) returned 0x0 [0203.514] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fe8f4) returned 0x0 [0203.515] GetMessageTime () returned 27016875 [0203.515] GetMessageTime () returned 27016875 [0203.515] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0203.515] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7f, wParam=0x2, lParam=0x0) returned 0x0 [0203.516] GetMessageTime () returned 27016875 [0203.516] GetMessageTime () returned 27016875 [0203.516] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0203.516] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7f, wParam=0x0, lParam=0x0) returned 0x0 [0203.516] GetMessageTime () returned 27016875 [0203.516] GetMessageTime () returned 27016875 [0203.516] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0203.516] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7f, wParam=0x1, lParam=0x0) returned 0x0 [0203.518] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0203.519] GetClientRect (in: hWnd=0x90064, lpRect=0x4feb28 | out: lpRect=0x4feb28) returned 1 [0203.519] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27055ec | out: lpPoint=0x27055ec) returned 1 [0203.519] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27055fc | out: lpPoint=0x27055fc) returned 1 [0203.519] GetMessageTime () returned 27016875 [0203.519] GetMessageTime () returned 27016875 [0203.519] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fea9c) returned 0x0 [0203.519] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fea9c) returned 0x0 [0203.521] GetMessageTime () returned 27016875 [0203.521] GetMessageTime () returned 27016875 [0203.521] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fea9c) returned 0x0 [0203.521] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fea9c) returned 0x0 [0203.720] SetWindowTheme () returned 0x0 [0203.721] GetMessageTime () returned 27016875 [0203.721] GetMessageTime () returned 27016875 [0203.722] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x31a, wParam=0xffffffff, lParam=0x80000001) returned 0x0 [0203.722] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x31a, wParam=0xffffffff, lParam=0x80000001) returned 0x0 [0203.728] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Avalon.Touch", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fec30 | out: phkResult=0x4fec30*=0x0) returned 0x2 [0203.755] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Wisp\\Software\\Microsoft\\Wisp\\Pen\\SysEventParameters", ulOptions=0x0, samDesired=0x20019, phkResult=0x4febcc | out: phkResult=0x4febcc*=0x0) returned 0x2 [0203.755] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Wisp\\Software\\Microsoft\\Wisp\\Touch", ulOptions=0x0, samDesired=0x20019, phkResult=0x4febcc | out: phkResult=0x4febcc*=0x0) returned 0x2 [0203.757] RegOpenKeyExW (in: hKey=0x80000000, lpSubKey="Interface\\{C247F616-BBEB-406A-AED3-F75E656599AE}", ulOptions=0x0, samDesired=0x20019, phkResult=0x4feb88 | out: phkResult=0x4feb88*=0x7e2) returned 0x0 [0203.908] RegQueryValueExW (in: hKey=0x7e2, lpValueName="", lpReserved=0x0, lpType=0x4feba8, lpData=0x0, lpcbData=0x4feba4*=0x0 | out: lpType=0x4feba8*=0x1, lpData=0x0, lpcbData=0x4feba4*=0x12) returned 0x0 [0203.908] RegQueryValueExW (in: hKey=0x7e2, lpValueName="", lpReserved=0x0, lpType=0x4feba8, lpData=0x2706df8, lpcbData=0x4feba4*=0x12 | out: lpType=0x4feba8*=0x1, lpData="ITablet2", lpcbData=0x4feba4*=0x12) returned 0x0 [0203.909] RegCloseKey (hKey=0x7e2) returned 0x0 [0203.910] GetRawInputDeviceList (in: pRawInputDeviceList=0x0, puiNumDevices=0x4febf4, cbSize=0x8 | out: pRawInputDeviceList=0x0, puiNumDevices=0x4febf4) returned 0x0 [0203.911] CoTaskMemAlloc (cb=0x20) returned 0x83b408 [0203.911] GetRawInputDeviceList (in: pRawInputDeviceList=0x83b408, puiNumDevices=0x4febf4, cbSize=0x8 | out: pRawInputDeviceList=0x83b408, puiNumDevices=0x4febf4) returned 0x4 [0203.911] CoTaskMemFree (pv=0x83b408) [0203.913] SetPropW (hWnd=0x90064, lpString="MicrosoftTabletPenServiceProperty", hData=0x1000000) returned 1 [0203.915] OleInitialize (pvReserved=0x0) returned 0x0 [0203.931] RegisterDragDrop (hwnd=0x90064, pDropTarget=0x7230030) returned 0x0 [0204.533] GetMessageTime () returned 27016875 [0204.533] GetMessageTime () returned 27016875 [0204.533] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xfffffff0, lParam=0x4fecbc) returned 0x0 [0204.533] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xfffffff0, lParam=0x4fecbc) returned 0x0 [0204.534] GetMessageTime () returned 27016875 [0204.534] GetMessageTime () returned 27016875 [0204.534] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xfffffff0, lParam=0x4fecbc) returned 0x0 [0204.534] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xfffffff0, lParam=0x4fecbc) returned 0x0 [0204.535] GetMessageTime () returned 27016875 [0204.535] GetMessageTime () returned 27016875 [0204.535] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fecbc) returned 0x0 [0204.535] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fecbc) returned 0x0 [0204.535] GetMessageTime () returned 27016875 [0204.536] GetMessageTime () returned 27016875 [0204.536] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fecbc) returned 0x0 [0204.536] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fecbc) returned 0x0 [0204.536] SetWindowPos (hWnd=0x90064, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0204.536] GetMessageTime () returned 27016875 [0204.536] GetMessageTime () returned 27016875 [0204.537] IsWindowVisible (hWnd=0x90064) returned 0 [0204.537] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0204.538] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe680 | out: lpRect=0x4fe680) returned 1 [0204.538] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27072f4 | out: lpPoint=0x27072f4) returned 1 [0204.538] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2707304 | out: lpPoint=0x2707304) returned 1 [0204.543] PostMessageW (hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 1 [0204.543] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fecd4) returned 0x0 [0204.543] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fecd4) returned 0x0 [0204.543] GetMessageTime () returned 27016875 [0204.543] GetMessageTime () returned 27016875 [0204.544] GetMessageTime () returned 27016875 [0204.544] GetMessageTime () returned 27016875 [0204.545] IsWindowVisible (hWnd=0x90064) returned 0 [0204.545] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fecd4) returned 0x0 [0204.545] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fecd4) returned 0x0 [0204.546] ChangeWindowMessageFilterEx (in: hwnd=0x90064, message=0xc0a7, action=0x1, pChangeFilterStruct=0x4fed70 | out: pChangeFilterStruct=0x4fed70) returned 1 [0204.551] ChangeWindowMessageFilterEx (in: hwnd=0x90064, message=0x111, action=0x1, pChangeFilterStruct=0x4fed70 | out: pChangeFilterStruct=0x4fed70) returned 1 [0204.669] GetDC (hWnd=0x0) returned 0x120108c2 [0204.670] GetDeviceCaps (hdc=0x120108c2, index=12) returned 32 [0204.670] GetDeviceCaps (hdc=0x120108c2, index=14) returned 1 [0204.670] GetSystemMetrics (nIndex=49) returned 16 [0204.670] GetSystemMetrics (nIndex=50) returned 16 [0204.670] GetSystemMetrics (nIndex=11) returned 32 [0204.670] GetSystemMetrics (nIndex=12) returned 32 [0204.670] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0204.695] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0204.695] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0204.695] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0204.695] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0204.696] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0204.696] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0204.696] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0204.696] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0204.780] IWICBitmapSource_CopyPixels_Proxy () returned 0x0 [0205.628] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.628] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.628] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.629] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.629] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.630] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.632] IWICBitmapSource_CopyPixels_Proxy () returned 0x0 [0205.638] CreateDIBSection (in: hdc=0x0, lpbmi=0x4fe970, usage=0x0, ppvBits=0x4fe96c, hSection=0x0, offset=0x0 | out: ppvBits=0x4fe96c) returned 0x5d050660 [0205.642] CreateBitmap (nWidth=32, nHeight=32, nPlanes=0x1, nBitCount=0x1, lpBits=0x2708c78) returned 0x330505a0 [0205.643] CreateIconIndirect (piconinfo=0x4fe8b8) returned 0x13028f [0205.650] DeleteObject (ho=0x5d050660) returned 1 [0205.650] DeleteObject (ho=0x330505a0) returned 1 [0205.653] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.653] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.653] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.653] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.653] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.654] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.654] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.654] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.662] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.663] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.663] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.663] IWICBitmapLock_GetStride_Proxy () returned 0x0 [0205.663] IWICBitmapSource_GetSize_Proxy () returned 0x0 [0205.663] IWICBitmapLock_GetDataPointer_STA_Proxy () returned 0x0 [0205.663] IWICBitmapSource_CopyPixels_Proxy () returned 0x0 [0205.664] CreateDIBSection (in: hdc=0x0, lpbmi=0x4fe970, usage=0x0, ppvBits=0x4fe96c, hSection=0x0, offset=0x0 | out: ppvBits=0x4fe96c) returned 0x180505c4 [0205.665] CreateBitmap (nWidth=16, nHeight=16, nPlanes=0x1, nBitCount=0x1, lpBits=0x2709674) returned 0x120505b1 [0205.665] CreateIconIndirect (piconinfo=0x4fe8b8) returned 0x14036f [0205.666] DeleteObject (ho=0x180505c4) returned 1 [0205.666] DeleteObject (ho=0x120505b1) returned 1 [0205.670] SendMessageW (hWnd=0x90064, Msg=0x80, wParam=0x1, lParam=0x13028f) returned 0x0 [0205.670] GetMessageTime () returned 27016875 [0205.670] GetMessageTime () returned 27016875 [0205.670] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x80, wParam=0x1, lParam=0x13028f) returned 0x0 [0205.670] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x80, wParam=0x1, lParam=0x13028f) returned 0x0 [0205.676] SendMessageW (hWnd=0x90064, Msg=0x80, wParam=0x0, lParam=0x14036f) returned 0x0 [0205.676] GetMessageTime () returned 27016875 [0205.676] GetMessageTime () returned 27016875 [0205.676] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x80, wParam=0x0, lParam=0x14036f) returned 0x0 [0205.676] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x80, wParam=0x0, lParam=0x14036f) returned 0x0 [0205.678] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fec30 | out: lpRect=0x4fec30) returned 1 [0205.690] GetCursorPos (in: lpPoint=0x2709990 | out: lpPoint=0x2709990*(x=1217, y=28)) returned 1 [0205.694] MonitorFromPoint (pt=0x4c1, dwFlags=0x1c) returned 0x10001 [0205.694] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x4fe9d8 | out: lpmi=0x4fe9d8) returned 1 [0205.696] SetWindowPos (hWnd=0x90064, hWndInsertAfter=0x0, X=585, Y=380, cx=270, cy=100, uFlags=0x14) returned 1 [0205.696] GetMessageTime () returned 27016875 [0205.696] GetMessageTime () returned 27016875 [0205.698] IsWindowVisible (hWnd=0x90064) returned 0 [0205.698] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0205.698] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe560 | out: lpRect=0x4fe560) returned 1 [0205.698] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709ab4 | out: lpPoint=0x2709ab4) returned 1 [0205.698] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709ac4 | out: lpPoint=0x2709ac4) returned 1 [0205.699] PostMessageW (hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 1 [0205.699] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4febb4) returned 0x0 [0205.699] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4febb4) returned 0x0 [0205.701] GetMessageTime () returned 27016875 [0205.701] GetMessageTime () returned 27016875 [0205.701] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x24, wParam=0x0, lParam=0x4fe4bc) returned 0x0 [0205.701] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x24, wParam=0x0, lParam=0x4fe4bc) returned 0x0 [0205.702] GetMessageTime () returned 27016875 [0205.702] GetMessageTime () returned 27016875 [0205.704] GetMessageTime () returned 27016875 [0205.705] GetMessageTime () returned 27016875 [0205.705] IsWindowVisible (hWnd=0x90064) returned 0 [0205.705] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0205.705] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe55c | out: lpRect=0x4fe55c) returned 1 [0205.705] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709c20 | out: lpPoint=0x2709c20) returned 1 [0205.705] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709c30 | out: lpPoint=0x2709c30) returned 1 [0205.706] PostMessageW (hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 1 [0205.706] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4febb4) returned 0x0 [0205.706] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4febb4) returned 0x0 [0205.706] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fe0d0 | out: lpRect=0x4fe0d0) returned 1 [0205.707] GetMessageTime () returned 27016875 [0205.707] GetMessageTime () returned 27016875 [0205.707] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x3, wParam=0x0, lParam=0x17c0249) returned 0x0 [0205.707] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x3, wParam=0x0, lParam=0x17c0249) returned 0x0 [0205.708] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fe09c | out: lpRect=0x4fe09c) returned 1 [0205.708] GetMessageTime () returned 27016875 [0205.708] GetMessageTime () returned 27016875 [0205.709] BeginPaint (in: hWnd=0x90064, lpPaint=0x4fdf3c | out: lpPaint=0x4fdf3c) returned 0x20105b0 [0205.710] GetLayeredWindowAttributes (in: hwnd=0x90064, pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0 | out: pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0) returned 0 [0205.711] EndPaint (hWnd=0x90064, lpPaint=0x4fdf3c) returned 1 [0205.711] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0205.711] GetClientRect (in: hWnd=0x90064, lpRect=0x4fde6c | out: lpRect=0x4fde6c) returned 1 [0205.711] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709cf0 | out: lpPoint=0x2709cf0) returned 1 [0205.711] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2709d00 | out: lpPoint=0x2709d00) returned 1 [0205.712] PostMessageW (hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 1 [0205.772] WindowsCreateStringReference () returned 0x0 [0205.772] RoGetActivationFactory () returned 0x0 [0205.778] QueryInterface () returned 0x0 [0205.779] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0205.779] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0205.779] QueryInterface () returned 0x0 [0205.779] ActivationContextFactory::GetRuntimeClassName () returned 0x8000000e [0205.779] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0205.779] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::AddRef () returned 0x4 [0205.779] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0205.780] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0205.780] Release () returned 0x4 [0205.780] CoGetContextToken (in: pToken=0x4fcc28 | out: pToken=0x4fcc28) returned 0x0 [0205.780] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x80004002 [0205.782] CoGetContextToken (in: pToken=0x4fcf54 | out: pToken=0x4fcf54) returned 0x0 [0205.782] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0205.782] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x4 [0205.782] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x3 [0205.782] WindowsDeleteString () returned 0x0 [0205.782] Release () returned 0x2 [0205.782] CoGetContextToken (in: pToken=0x4fd6b4 | out: pToken=0x4fd6b4) returned 0x0 [0205.784] CoGetContextToken (in: pToken=0x4fd614 | out: pToken=0x4fd614) returned 0x0 [0205.784] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::QueryInterface () returned 0x0 [0205.784] AddRef () returned 0x4 [0205.784] Release () returned 0x3 [0205.843] IIDFromString (in: lpsz="{410B7711-FF3B-477F-9C9A-D2EFDA302DC3}", lpiid=0x4fcd54 | out: lpiid=0x4fcd54) returned 0x0 [0205.844] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::add_TracingStatusChanged () returned 0x0 [0205.911] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0205.912] ActivationContext::AddRef () returned 0x3 [0205.912] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0205.912] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x0 [0205.912] Release () returned 0x3 [0205.912] CoGetContextToken (in: pToken=0x4fcb08 | out: pToken=0x4fcb08) returned 0x0 [0205.912] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::QueryInterface () returned 0x80004002 [0205.915] WindowsCreateString () returned 0x0 [0205.915] ActivationContext::AddRef () returned 0x4 [0205.915] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x3 [0205.917] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::get_Enabled () returned 0x0 [0205.917] QueryPerformanceCounter (in: lpPerformanceCount=0x4fdef4 | out: lpPerformanceCount=0x4fdef4*=2734367041857) returned 1 [0205.919] SetTimer (hWnd=0x401ee, nIDEvent=0x2, uElapse=0x7d, lpTimerFunc=0x0) returned 0x2 [0206.766] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x5, wParam=0x0, lParam=0x64010e) returned 0x0 [0206.766] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x5, wParam=0x0, lParam=0x64010e) returned 0x0 [0206.768] NotifyWinEvent (event=0x6fffffff, hwnd=0x90064, idObject=0, idChild=0) [0206.772] KillTimer (hWnd=0x401ee, uIDEvent=0x2) returned 1 [0206.773] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fea68 | out: lpRect=0x4fea68) returned 1 [0207.064] IsDebuggerPresent () returned 0 [0207.081] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Avalon.Xaml", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe6f8 | out: phkResult=0x4fe6f8*=0x0) returned 0x2 [0207.082] ShowWindow (hWnd=0x90064, nCmdShow=5) returned 0 [0207.082] GetMessageTime () returned 27016875 [0207.082] GetMessageTime () returned 27016875 [0207.082] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0207.082] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe85c | out: lpRect=0x4fe85c) returned 1 [0207.082] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27108f8 | out: lpPoint=0x27108f8) returned 1 [0207.082] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2710908 | out: lpPoint=0x2710908) returned 1 [0207.106] BeginPaint (in: hWnd=0x90064, lpPaint=0x4fe8d8 | out: lpPaint=0x4fe8d8) returned 0x20105b0 [0207.106] GetLayeredWindowAttributes (in: hwnd=0x90064, pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0 | out: pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0) returned 0 [0207.109] EndPaint (hWnd=0x90064, lpPaint=0x4fe8d8) returned 1 [0207.109] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0207.109] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x18, wParam=0x1, lParam=0x0) returned 0x0 [0207.109] GetMessageTime () returned 27016875 [0207.109] GetMessageTime () returned 27016875 [0207.110] IsWindowVisible (hWnd=0x90064) returned 0 [0207.110] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0207.110] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe7f0 | out: lpRect=0x4fe7f0) returned 1 [0207.110] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2710960 | out: lpPoint=0x2710960) returned 1 [0207.110] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2710970 | out: lpPoint=0x2710970) returned 1 [0207.113] PostMessageW (hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 1 [0207.113] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fee44) returned 0x0 [0207.113] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fee44) returned 0x0 [0207.134] GetMessageTime () returned 27016875 [0207.134] GetMessageTime () returned 27016875 [0207.134] IsWindowVisible (hWnd=0x90064) returned 1 [0207.134] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0207.134] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe7f0 | out: lpRect=0x4fe7f0) returned 1 [0207.134] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27109c8 | out: lpPoint=0x27109c8) returned 1 [0207.134] ClientToScreen (in: hWnd=0x90064, lpPoint=0x27109d8 | out: lpPoint=0x27109d8) returned 1 [0207.156] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fee44) returned 0x0 [0207.156] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fee44) returned 0x0 [0207.157] GetMessageTime () returned 27016875 [0207.157] GetMessageTime () returned 27016875 [0207.157] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.157] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.157] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.157] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.157] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.157] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.158] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x8006c, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.158] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x8006c, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.159] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601f4, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.159] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601f4, Msg=0x1c, wParam=0x1, lParam=0x0) returned 0x0 [0207.159] GetMessageTime () returned 27016875 [0207.159] GetMessageTime () returned 27016875 [0207.159] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0207.159] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x86, wParam=0x0, lParam=0x0) returned 0x1 [0207.160] GetMessageTime () returned 27016875 [0207.160] GetMessageTime () returned 27016875 [0207.161] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0207.161] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x6, wParam=0x1, lParam=0x0) returned 0x0 [0207.497] GetMessageTime () returned 27016875 [0207.497] GetMessageTime () returned 27016875 [0207.497] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0207.497] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x281, wParam=0x1, lParam=0xc000000f) returned 0x0 [0207.508] GetMessageTime () returned 27016875 [0207.508] GetMessageTime () returned 27016875 [0207.508] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0207.508] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x282, wParam=0x2, lParam=0x0) returned 0x0 [0207.508] GetMessageTime () returned 27016875 [0207.509] GetMessageTime () returned 27016875 [0207.512] GetMessageExtraInfo () returned 0x0 [0207.518] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\CTF", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe168 | out: phkResult=0x4fe168*=0x91c) returned 0x0 [0207.518] RegQueryValueExW (in: hKey=0x91c, lpValueName="Disable Thread Input Manager", lpReserved=0x0, lpType=0x4fe184, lpData=0x0, lpcbData=0x4fe180*=0x0 | out: lpType=0x4fe184*=0x0, lpData=0x0, lpcbData=0x4fe180*=0x0) returned 0x2 [0207.519] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\CTF\\TIP", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe148 | out: phkResult=0x4fe148*=0x920) returned 0x0 [0207.520] RegQueryInfoKeyW (in: hKey=0x920, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x4fe16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x4fe16c*=0x14, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe168*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.520] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x0, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0000897b-83df-4b96-be07-0fb58b01c4a4}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.520] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x1, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{03b5835f-f03c-411b-9ce2-aa23e1171e36}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.520] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x2, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{07EB03D6-B001-41DF-9192-BF9B841EE71F}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.520] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x3, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{531fdebf-9b4c-4a43-a2aa-960e8fcdc732}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x4, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6a498709-e00b-4c45-a018-8f9e4081ae40}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x5, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x6, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{7C472071-36A7-4709-88CC-859513E583A9}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x7, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{81d4e9c9-1d3b-41bc-9e6c-4b40bf79e35e}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x8, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{81EA0A17-AA39-455B-BA20-EA79A8F98966}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x9, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{8613E14C-D0C0-4161-AC0F-1DD2563286BC}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.521] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xa, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{a028ae76-01b1-46c2-99c4-acd9858ae02f}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.522] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xb, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{a1e2b86b-924a-4d43-80f6-8a820df7190f}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xc, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{AE6BE008-07FB-400D-8BEB-337A64F7051F}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xd, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B115690A-EA02-48D5-A231-E3578D2FDF80}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xe, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0xf, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{C2CB2CF0-AF47-413E-9780-8BC3A3C16068}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x10, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x11, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x12, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.523] RegEnumKeyExW (in: hKey=0x920, dwIndex=0x13, lpName=0x2711a34, lpcchName=0x4fe188, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}", lpcchName=0x4fe188, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.524] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe108 | out: phkResult=0x4fe108*=0x0) returned 0x2 [0207.525] RegOpenKeyExW (in: hKey=0x920, lpSubKey="{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe108 | out: phkResult=0x4fe108*=0x924) returned 0x0 [0207.525] RegQueryInfoKeyW (in: hKey=0x924, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x4fe12c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe128, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x4fe12c*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe128*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.525] RegEnumKeyExW (in: hKey=0x924, dwIndex=0x0, lpName=0x271291c, lpcchName=0x4fe148, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="0x00000000", lpcchName=0x4fe148, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.525] CoTaskMemFree (pv=0x0) [0207.525] RegOpenKeyExW (in: hKey=0x924, lpSubKey="0x00000000", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0d8 | out: phkResult=0x4fe0d8*=0x928) returned 0x0 [0207.527] RegQueryInfoKeyW (in: hKey=0x928, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x4fe0fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe0f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x4fe0fc*=0x1, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x4fe0f8*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.527] RegEnumKeyExW (in: hKey=0x928, dwIndex=0x0, lpName=0x2712ca0, lpcchName=0x4fe118, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{0001bea3-ed56-483d-a2e2-aeae25577436}", lpcchName=0x4fe118, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0207.527] CoTaskMemFree (pv=0x0) [0207.527] RegOpenKeyExW (in: hKey=0x928, lpSubKey="{0001bea3-ed56-483d-a2e2-aeae25577436}", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fe0c4 | out: phkResult=0x4fe0c4*=0x92c) returned 0x0 [0207.527] RegQueryValueExW (in: hKey=0x92c, lpValueName="Enable", lpReserved=0x0, lpType=0x4fe0e4, lpData=0x0, lpcbData=0x4fe0e0*=0x0 | out: lpType=0x4fe0e4*=0x4, lpData=0x0, lpcbData=0x4fe0e0*=0x4) returned 0x0 [0207.528] RegQueryValueExW (in: hKey=0x92c, lpValueName="Enable", lpReserved=0x0, lpType=0x4fe0e4, lpData=0x4fe0d0, lpcbData=0x4fe0e0*=0x4 | out: lpType=0x4fe0e4*=0x4, lpData=0x4fe0d0*=0x1, lpcbData=0x4fe0e0*=0x4) returned 0x0 [0207.624] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.625] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.629] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.630] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.630] GetFocus () returned 0x90064 [0207.631] GetFocus () returned 0x90064 [0207.631] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.641] TF_CreateThreadMgr () returned 0x0 [0207.641] CoGetContextToken (in: pToken=0x4fd55c | out: pToken=0x4fd55c) returned 0x0 [0207.642] CObjectContext::QueryInterface () returned 0x0 [0207.642] CObjectContext::GetCurrentApartmentType () returned 0x0 [0207.642] Release () returned 0x0 [0207.643] CoGetObjectContext (in: riid=0x6fb62b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x9d20a4c | out: ppv=0x9d20a4c*=0x7c4378) returned 0x0 [0207.645] CoGetContextToken (in: pToken=0x4fd96c | out: pToken=0x4fd96c) returned 0x0 [0207.646] CoGetContextToken (in: pToken=0x4fdf3c | out: pToken=0x4fdf3c) returned 0x0 [0207.646] CoGetContextToken (in: pToken=0x4fde9c | out: pToken=0x4fde9c) returned 0x0 [0207.650] CoGetContextToken (in: pToken=0x4fd56c | out: pToken=0x4fd56c) returned 0x0 [0207.650] CoGetContextToken (in: pToken=0x4fd97c | out: pToken=0x4fd97c) returned 0x0 [0207.651] CoGetContextToken (in: pToken=0x4fdf4c | out: pToken=0x4fdf4c) returned 0x0 [0207.651] CoGetContextToken (in: pToken=0x4fdeac | out: pToken=0x4fdeac) returned 0x0 [0207.794] CoGetContextToken (in: pToken=0x4fd558 | out: pToken=0x4fd558) returned 0x0 [0207.794] CoGetContextToken (in: pToken=0x4fd96c | out: pToken=0x4fd96c) returned 0x0 [0207.794] CoGetContextToken (in: pToken=0x4fdf3c | out: pToken=0x4fdf3c) returned 0x0 [0207.794] CoGetContextToken (in: pToken=0x4fde9c | out: pToken=0x4fde9c) returned 0x0 [0207.794] CoGetContextToken (in: pToken=0x4fdfe4 | out: pToken=0x4fdfe4) returned 0x0 [0207.797] CoGetContextToken (in: pToken=0x4fe04c | out: pToken=0x4fe04c) returned 0x0 [0207.797] CoGetContextToken (in: pToken=0x4fdfac | out: pToken=0x4fdfac) returned 0x0 [0207.797] CoGetContextToken (in: pToken=0x4fdf0c | out: pToken=0x4fdf0c) returned 0x0 [0207.804] CoGetContextToken (in: pToken=0x4fd530 | out: pToken=0x4fd530) returned 0x0 [0207.804] CoGetContextToken (in: pToken=0x4fd944 | out: pToken=0x4fd944) returned 0x0 [0207.804] CoGetContextToken (in: pToken=0x4fdf14 | out: pToken=0x4fdf14) returned 0x0 [0207.804] CoGetContextToken (in: pToken=0x4fde74 | out: pToken=0x4fde74) returned 0x0 [0207.887] CoGetContextToken (in: pToken=0x4fdfac | out: pToken=0x4fdfac) returned 0x0 [0207.887] CoGetContextToken (in: pToken=0x4fdf0c | out: pToken=0x4fdf0c) returned 0x0 [0207.898] CoGetContextToken (in: pToken=0x4fe014 | out: pToken=0x4fe014) returned 0x0 [0207.899] CoGetContextToken (in: pToken=0x4fe014 | out: pToken=0x4fe014) returned 0x0 [0207.916] ImmGetDefaultIMEWnd () returned 0x60048 [0207.916] ImmGetContext () returned 0x150249 [0207.917] ImmReleaseContext () returned 0x1 [0207.917] ImmAssociateContext () returned 0x150249 [0207.917] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0207.918] GetCurrentThreadId () returned 0x29c [0207.925] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0208.642] CoTaskMemAlloc (cb=0x20c) returned 0x86cba0 [0208.642] GetEnvironmentVariableW (in: lpName="COMPLUS_Version", lpBuffer=0x86cba0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0208.642] CoTaskMemFree (pv=0x86cba0) [0208.649] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Net Framework Setup\\NDP\\v4\\Client", ulOptions=0x0, samDesired=0x20019, phkResult=0x4fbb38 | out: phkResult=0x4fbb38*=0x940) returned 0x0 [0208.649] RegQueryValueExW (in: hKey=0x940, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fbb54, lpData=0x0, lpcbData=0x4fbb50*=0x0 | out: lpType=0x4fbb54*=0x1, lpData=0x0, lpcbData=0x4fbb50*=0x5e) returned 0x0 [0208.649] RegQueryValueExW (in: hKey=0x940, lpValueName="InstallPath", lpReserved=0x0, lpType=0x4fbb54, lpData=0x2715030, lpcbData=0x4fbb50*=0x5e | out: lpType=0x4fbb54*=0x1, lpData="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpcbData=0x4fbb50*=0x5e) returned 0x0 [0208.650] RegCloseKey (hKey=0x940) returned 0x0 [0208.740] LoadLibraryW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WPF\\PresentationNative_v0400.dll") returned 0x6aa90000 [0209.006] UiaGetReservedMixedAttributeValue () returned 0x0 [0209.012] CoGetContextToken (in: pToken=0x4fc4d0 | out: pToken=0x4fc4d0) returned 0x0 [0209.044] UiaGetReservedNotSupportedValue () returned 0x0 [0209.044] CoGetContextToken (in: pToken=0x4fc4d0 | out: pToken=0x4fc4d0) returned 0x0 [0209.045] GetFocus () returned 0x90064 [0209.049] GetMessageTime () returned 27016875 [0209.049] GetMessageTime () returned 27016875 [0209.049] IsWindowVisible (hWnd=0x90064) returned 1 [0209.049] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fee44) returned 0x0 [0209.049] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fee44) returned 0x0 [0209.050] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fea38 | out: lpRect=0x4fea38) returned 1 [0209.050] GetMessageTime () returned 27016875 [0209.050] GetMessageTime () returned 27016875 [0209.050] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fea50 | out: lpRect=0x4fea50) returned 1 [0209.050] BeginPaint (in: hWnd=0x90064, lpPaint=0x4fe8d8 | out: lpPaint=0x4fe8d8) returned 0x120108c2 [0209.051] GetLayeredWindowAttributes (in: hwnd=0x90064, pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0 | out: pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0) returned 0 [0209.052] EndPaint (hWnd=0x90064, lpPaint=0x4fe8d8) returned 1 [0209.052] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.052] GetClientRect (in: hWnd=0x90064, lpRect=0x4fe808 | out: lpRect=0x4fe808) returned 1 [0209.052] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271e7a0 | out: lpPoint=0x271e7a0) returned 1 [0209.052] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271e7b0 | out: lpPoint=0x271e7b0) returned 1 [0209.052] QueryPerformanceCounter (in: lpPerformanceCount=0x4fe890 | out: lpPerformanceCount=0x4fe890*=2734680557730) returned 1 [0209.090] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x5, wParam=0x0, lParam=0x64010e) returned 0x0 [0209.090] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x5, wParam=0x0, lParam=0x64010e) returned 0x0 [0209.090] GetWindowRect (in: hWnd=0x90064, lpRect=0x4fea6c | out: lpRect=0x4fea6c) returned 1 [0209.090] GetMessageTime () returned 27016875 [0209.090] GetMessageTime () returned 27016875 [0209.090] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x3, wParam=0x0, lParam=0x17c0249) returned 0x0 [0209.090] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x3, wParam=0x0, lParam=0x17c0249) returned 0x0 [0209.091] GetMessageTime () returned 27016875 [0209.091] GetMessageTime () returned 27016875 [0209.091] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xfffffff0, lParam=0x4fedb4) returned 0x0 [0209.091] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xfffffff0, lParam=0x4fedb4) returned 0x0 [0209.092] GetMessageTime () returned 27016875 [0209.092] GetMessageTime () returned 27016875 [0209.092] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xfffffff0, lParam=0x4fedb4) returned 0x0 [0209.092] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xfffffff0, lParam=0x4fedb4) returned 0x0 [0209.092] GetMessageTime () returned 27016875 [0209.092] GetMessageTime () returned 27016875 [0209.093] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fedb4) returned 0x0 [0209.093] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7c, wParam=0xffffffec, lParam=0x4fedb4) returned 0x0 [0209.093] GetMessageTime () returned 27016875 [0209.094] GetMessageTime () returned 27016875 [0209.094] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fedb4) returned 0x0 [0209.094] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7d, wParam=0xffffffec, lParam=0x4fedb4) returned 0x0 [0209.094] SetWindowPos (hWnd=0x90064, hWndInsertAfter=0x0, X=0, Y=0, cx=0, cy=0, uFlags=0x37) returned 1 [0209.094] GetMessageTime () returned 27016875 [0209.094] GetMessageTime () returned 27016875 [0209.094] IsWindowVisible (hWnd=0x90064) returned 1 [0209.094] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fedc4) returned 0x0 [0209.094] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x46, wParam=0x0, lParam=0x4fedc4) returned 0x0 [0209.095] GetMessageTime () returned 27016875 [0209.095] GetMessageTime () returned 27016875 [0209.095] GetMessageTime () returned 27016875 [0209.095] GetMessageTime () returned 27016875 [0209.096] IsWindowVisible (hWnd=0x90064) returned 1 [0209.096] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fedc4) returned 0x0 [0209.096] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x47, wParam=0x0, lParam=0x4fedc4) returned 0x0 [0209.096] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.096] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.096] TF_CreateThreadMgr () returned 0x0 [0209.097] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.097] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.097] CoGetContextToken (in: pToken=0x4ff19c | out: pToken=0x4ff19c) returned 0x0 [0209.098] BeginPaint (in: hWnd=0x90064, lpPaint=0x4fee1c | out: lpPaint=0x4fee1c) returned 0x120108c2 [0209.098] GetLayeredWindowAttributes (in: hwnd=0x90064, pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0 | out: pcrKey=0x0, pbAlpha=0x0, pdwFlags=0x0) returned 0 [0209.098] EndPaint (hWnd=0x90064, lpPaint=0x4fee1c) returned 1 [0209.099] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x218, wParam=0x8013, lParam=0x9d21a48) returned 0x1 [0209.099] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x218, wParam=0x8013, lParam=0x9d21a48) returned 0x1 [0209.099] GetMessageTime () returned 27016875 [0209.099] GetMessageTime () returned 27016875 [0209.099] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0x7f, wParam=0x1, lParam=0x60) returned 0x13028f [0209.099] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0x7f, wParam=0x1, lParam=0x60) returned 0x13028f [0209.108] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.108] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.115] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x0 [0209.115] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.116] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.116] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.116] TF_CreateThreadMgr () returned 0x0 [0209.116] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.116] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.116] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.116] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.116] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90052, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0209.116] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90052, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0209.116] TF_CreateThreadMgr () returned 0x0 [0209.117] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.117] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.117] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.117] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.117] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0xc1ef, wParam=0x0, lParam=0x0) returned 0x0 [0209.117] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0xc1ef, wParam=0x0, lParam=0x0) returned 0x0 [0209.117] TF_CreateThreadMgr () returned 0x0 [0209.117] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.117] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.118] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.118] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.118] GetMessageTime () returned 27019406 [0209.118] GetMessageTime () returned 27019406 [0209.118] IsWindowVisible (hWnd=0x90064) returned 1 [0209.118] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.118] GetClientRect (in: hWnd=0x90064, lpRect=0x4fee64 | out: lpRect=0x4fee64) returned 1 [0209.118] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271fdd0 | out: lpPoint=0x271fdd0) returned 1 [0209.118] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271fde0 | out: lpPoint=0x271fde0) returned 1 [0209.119] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.119] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.119] TF_CreateThreadMgr () returned 0x0 [0209.119] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.120] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.120] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.120] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.120] GetMessageTime () returned 27020578 [0209.120] GetMessageTime () returned 27020578 [0209.120] IsWindowVisible (hWnd=0x90064) returned 1 [0209.120] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.120] GetClientRect (in: hWnd=0x90064, lpRect=0x4fee64 | out: lpRect=0x4fee64) returned 1 [0209.120] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ff18 | out: lpPoint=0x271ff18) returned 1 [0209.120] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ff28 | out: lpPoint=0x271ff28) returned 1 [0209.121] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.121] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.121] TF_CreateThreadMgr () returned 0x0 [0209.121] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.121] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.121] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.121] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.121] GetMessageTime () returned 27020578 [0209.121] GetMessageTime () returned 27020578 [0209.121] IsWindowVisible (hWnd=0x90064) returned 1 [0209.121] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.121] GetClientRect (in: hWnd=0x90064, lpRect=0x4fee64 | out: lpRect=0x4fee64) returned 1 [0209.122] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ff5c | out: lpPoint=0x271ff5c) returned 1 [0209.122] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ff6c | out: lpPoint=0x271ff6c) returned 1 [0209.122] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.122] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.122] TF_CreateThreadMgr () returned 0x0 [0209.122] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.122] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.122] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.122] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.122] GetMessageTime () returned 27020578 [0209.123] GetMessageTime () returned 27020578 [0209.123] IsWindowVisible (hWnd=0x90064) returned 1 [0209.123] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.123] GetClientRect (in: hWnd=0x90064, lpRect=0x4fee64 | out: lpRect=0x4fee64) returned 1 [0209.123] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ffa0 | out: lpPoint=0x271ffa0) returned 1 [0209.123] ClientToScreen (in: hWnd=0x90064, lpPoint=0x271ffb0 | out: lpPoint=0x271ffb0) returned 1 [0209.123] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.123] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.123] TF_CreateThreadMgr () returned 0x0 [0209.123] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.123] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.124] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.124] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.124] GetMessageTime () returned 27020796 [0209.124] GetMessageTime () returned 27020796 [0209.124] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1eb, wParam=0x1, lParam=0x0) returned 0x0 [0209.124] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1eb, wParam=0x1, lParam=0x0) returned 0x0 [0209.129] TF_CreateThreadMgr () returned 0x0 [0209.129] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.129] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.129] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.129] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.130] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x601fe, Msg=0xc1ef, wParam=0x0, lParam=0x0) returned 0x0 [0209.130] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x601fe, Msg=0xc1ef, wParam=0x0, lParam=0x0) returned 0x0 [0209.130] TF_CreateThreadMgr () returned 0x0 [0209.130] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.130] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.130] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.130] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.131] GetMessageTime () returned 27021984 [0209.131] GetMessageTime () returned 27021984 [0209.131] IsWindowVisible (hWnd=0x90064) returned 1 [0209.131] GetWindowRect (in: hWnd=0x90064, lpRect=0x26d1458 | out: lpRect=0x26d1458) returned 1 [0209.131] GetClientRect (in: hWnd=0x90064, lpRect=0x4fee64 | out: lpRect=0x4fee64) returned 1 [0209.131] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2720028 | out: lpPoint=0x2720028) returned 1 [0209.131] ClientToScreen (in: hWnd=0x90064, lpPoint=0x2720038 | out: lpPoint=0x2720038) returned 1 [0209.131] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.131] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc1e9, wParam=0x0, lParam=0x0) returned 0x0 [0209.131] TF_CreateThreadMgr () returned 0x0 [0209.131] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.131] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.132] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.132] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.132] GetMessageTime () returned 27022109 [0209.132] GetMessageTime () returned 27022109 [0209.132] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x90064, Msg=0xc0a7, wParam=0x0, lParam=0x0) returned 0x0 [0209.132] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x90064, Msg=0xc0a7, wParam=0x0, lParam=0x0) returned 0x0 [0209.132] TF_CreateThreadMgr () returned 0x0 [0209.133] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.133] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.133] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.133] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.133] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.133] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.134] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.134] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.134] TF_CreateThreadMgr () returned 0x0 [0209.134] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.134] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.134] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.134] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.134] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.135] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.135] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.135] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.135] TF_CreateThreadMgr () returned 0x0 [0209.135] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.135] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.136] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.136] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.136] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.136] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.136] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.136] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.136] TF_CreateThreadMgr () returned 0x0 [0209.136] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.136] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.138] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.138] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.138] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.139] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.139] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.139] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.139] TF_CreateThreadMgr () returned 0x0 [0209.139] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.139] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.148] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.148] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.148] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.148] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.148] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.148] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.148] TF_CreateThreadMgr () returned 0x0 [0209.148] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.148] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.149] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.149] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.149] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.149] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.149] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.149] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.149] TF_CreateThreadMgr () returned 0x0 [0209.150] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.150] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.150] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.150] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.150] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.150] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.150] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.150] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.151] TF_CreateThreadMgr () returned 0x0 [0209.151] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.151] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.151] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.151] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.151] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.151] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.152] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.152] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.152] TF_CreateThreadMgr () returned 0x0 [0209.152] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.152] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.152] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.152] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.152] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.153] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.153] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.153] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.153] TF_CreateThreadMgr () returned 0x0 [0209.153] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.153] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.154] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.154] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.154] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.154] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.154] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.154] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.154] TF_CreateThreadMgr () returned 0x0 [0209.154] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.154] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.155] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.155] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.155] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.155] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.155] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.155] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.159] TF_CreateThreadMgr () returned 0x0 [0209.159] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.159] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.160] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.160] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.160] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.160] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.160] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.160] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.160] TF_CreateThreadMgr () returned 0x0 [0209.160] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.160] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.161] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.161] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.161] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.161] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.161] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.161] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.161] TF_CreateThreadMgr () returned 0x0 [0209.161] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.162] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.163] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.163] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.163] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.163] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.164] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.164] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.164] TF_CreateThreadMgr () returned 0x0 [0209.164] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.164] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.164] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.164] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.164] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.164] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.165] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.165] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.165] TF_CreateThreadMgr () returned 0x0 [0209.165] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.165] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.165] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.165] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.165] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.165] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.166] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.166] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.166] TF_CreateThreadMgr () returned 0x0 [0209.166] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.166] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.166] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.166] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.166] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.167] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.167] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.167] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.167] TF_CreateThreadMgr () returned 0x0 [0209.167] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.167] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.167] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.167] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.168] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.168] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.168] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.168] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.168] TF_CreateThreadMgr () returned 0x0 [0209.168] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.168] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.169] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.169] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.169] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.169] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.169] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.169] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.169] TF_CreateThreadMgr () returned 0x0 [0209.169] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.169] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.174] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.174] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.174] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.174] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.174] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.174] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.174] TF_CreateThreadMgr () returned 0x0 [0209.174] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.175] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.175] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.175] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.175] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.175] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.176] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.176] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.176] TF_CreateThreadMgr () returned 0x0 [0209.176] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.176] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.176] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.176] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.176] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.176] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.177] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.177] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.177] TF_CreateThreadMgr () returned 0x0 [0209.177] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.177] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.177] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.177] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.177] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.178] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.178] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.178] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.178] TF_CreateThreadMgr () returned 0x0 [0209.178] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.178] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.179] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.179] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.179] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.179] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.179] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.179] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.179] TF_CreateThreadMgr () returned 0x0 [0209.179] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.179] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.180] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.180] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.180] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.180] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.180] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.180] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.180] TF_CreateThreadMgr () returned 0x0 [0209.181] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.181] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.181] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.181] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.181] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.181] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.181] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.182] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.182] TF_CreateThreadMgr () returned 0x0 [0209.182] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.182] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.182] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.182] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.182] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.182] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.183] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.183] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.183] TF_CreateThreadMgr () returned 0x0 [0209.183] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.183] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.183] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.184] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.184] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.184] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.184] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.184] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.184] TF_CreateThreadMgr () returned 0x0 [0209.184] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.184] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.185] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.185] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.185] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.185] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.185] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.185] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.185] TF_CreateThreadMgr () returned 0x0 [0209.186] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.186] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.186] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.186] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.186] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.186] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.187] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.187] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.187] TF_CreateThreadMgr () returned 0x0 [0209.187] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.187] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.188] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.188] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.188] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.188] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.188] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.188] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.188] TF_CreateThreadMgr () returned 0x0 [0209.188] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.188] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.189] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.189] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.189] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.189] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.189] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.189] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.189] TF_CreateThreadMgr () returned 0x0 [0209.190] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.190] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.190] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.190] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.190] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.190] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.191] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.191] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.191] TF_CreateThreadMgr () returned 0x0 [0209.191] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.191] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.191] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.191] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.191] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.191] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.192] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.192] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.192] TF_CreateThreadMgr () returned 0x0 [0209.192] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.192] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.192] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.192] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.192] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.193] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.193] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.193] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.193] TF_CreateThreadMgr () returned 0x0 [0209.193] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.193] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.194] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.194] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.194] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.194] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.194] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.194] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.194] TF_CreateThreadMgr () returned 0x0 [0209.194] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.194] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.195] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.195] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.195] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.195] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.195] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.195] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.195] TF_CreateThreadMgr () returned 0x0 [0209.196] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.196] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.196] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.196] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.196] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.196] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.197] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.197] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.197] TF_CreateThreadMgr () returned 0x0 [0209.197] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.197] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.197] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.197] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.197] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.197] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.198] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.198] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.198] TF_CreateThreadMgr () returned 0x0 [0209.198] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.198] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.198] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.198] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.198] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.199] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.199] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.199] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.199] TF_CreateThreadMgr () returned 0x0 [0209.199] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.199] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.200] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.200] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.200] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.200] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.200] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.200] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.200] TF_CreateThreadMgr () returned 0x0 [0209.200] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.200] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.201] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.201] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.201] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.201] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.201] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.201] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.201] TF_CreateThreadMgr () returned 0x0 [0209.201] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.202] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.202] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.202] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.202] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.205] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.206] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.206] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.206] TF_CreateThreadMgr () returned 0x0 [0209.206] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.206] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.206] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.206] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.206] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.207] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.207] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.207] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.207] TF_CreateThreadMgr () returned 0x0 [0209.207] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.207] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.208] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.208] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.208] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.208] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.208] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.208] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.208] TF_CreateThreadMgr () returned 0x0 [0209.208] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.209] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.209] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.209] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.209] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.209] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.210] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.210] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.210] TF_CreateThreadMgr () returned 0x0 [0209.210] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.210] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.210] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.210] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.210] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.211] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.211] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.211] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.211] TF_CreateThreadMgr () returned 0x0 [0209.211] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.211] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.211] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.211] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.212] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.212] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.212] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.212] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.212] TF_CreateThreadMgr () returned 0x0 [0209.212] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.212] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.213] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.213] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.213] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.213] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.213] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.213] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.213] TF_CreateThreadMgr () returned 0x0 [0209.213] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.213] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.214] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.214] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.214] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.214] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.214] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.214] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.214] TF_CreateThreadMgr () returned 0x0 [0209.214] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.215] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.215] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.215] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.215] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.215] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.215] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.215] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.216] TF_CreateThreadMgr () returned 0x0 [0209.216] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.216] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.216] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.216] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.216] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.216] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.217] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.217] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.217] TF_CreateThreadMgr () returned 0x0 [0209.217] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.217] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.217] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.217] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.217] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.217] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.219] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.219] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.219] TF_CreateThreadMgr () returned 0x0 [0209.219] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.219] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.220] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.220] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.220] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.220] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.220] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.220] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.220] TF_CreateThreadMgr () returned 0x0 [0209.220] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.220] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.221] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.221] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.221] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.221] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.221] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.221] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.221] TF_CreateThreadMgr () returned 0x0 [0209.222] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.222] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.222] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.222] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.222] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.222] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.223] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.223] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.223] TF_CreateThreadMgr () returned 0x0 [0209.223] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.223] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.223] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.223] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.223] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.223] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.224] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.224] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.224] TF_CreateThreadMgr () returned 0x0 [0209.224] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.224] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.224] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.224] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.224] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.225] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.225] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.225] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.225] TF_CreateThreadMgr () returned 0x0 [0209.225] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.225] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.226] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.226] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.226] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.226] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.226] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.226] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.226] TF_CreateThreadMgr () returned 0x0 [0209.226] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.226] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.227] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.227] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.227] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.227] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.227] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.227] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.227] TF_CreateThreadMgr () returned 0x0 [0209.228] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.228] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.228] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.228] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.228] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.228] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.228] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.228] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.229] TF_CreateThreadMgr () returned 0x0 [0209.229] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.229] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.229] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.229] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.229] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.229] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.230] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.230] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.230] TF_CreateThreadMgr () returned 0x0 [0209.230] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.230] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.230] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.230] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.230] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.230] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.231] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.231] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.231] TF_CreateThreadMgr () returned 0x0 [0209.231] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.231] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.231] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.231] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.231] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.232] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.232] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.232] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.232] TF_CreateThreadMgr () returned 0x0 [0209.232] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.232] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.232] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.232] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.232] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.233] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.233] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.233] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.233] TF_CreateThreadMgr () returned 0x0 [0209.233] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.233] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.234] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.234] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.234] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.234] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.234] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.234] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.235] TF_CreateThreadMgr () returned 0x0 [0209.235] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.235] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.235] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.235] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.235] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.235] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.236] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.236] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.236] TF_CreateThreadMgr () returned 0x0 [0209.236] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.236] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.236] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.236] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.236] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.236] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.237] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.237] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.237] TF_CreateThreadMgr () returned 0x0 [0209.237] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.237] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.237] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.237] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.237] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.237] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.238] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.238] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.238] TF_CreateThreadMgr () returned 0x0 [0209.238] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.238] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.238] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.238] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.238] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.239] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.241] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.241] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.241] TF_CreateThreadMgr () returned 0x0 [0209.241] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.241] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.242] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.242] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.242] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.242] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.243] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.243] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.243] TF_CreateThreadMgr () returned 0x0 [0209.243] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.243] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.244] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.244] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.244] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.244] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.245] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.245] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.245] TF_CreateThreadMgr () returned 0x0 [0209.245] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.245] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.246] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.246] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.246] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.247] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.247] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.247] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.247] TF_CreateThreadMgr () returned 0x0 [0209.248] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.248] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.248] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.248] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.248] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.249] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.249] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.249] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.251] TF_CreateThreadMgr () returned 0x0 [0209.251] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.251] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.251] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.251] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.251] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.252] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.252] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.252] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.252] TF_CreateThreadMgr () returned 0x0 [0209.252] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.252] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.253] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.253] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.253] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.253] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.253] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.253] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.253] TF_CreateThreadMgr () returned 0x0 [0209.254] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.254] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.254] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.254] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.254] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.254] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.255] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.255] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.255] TF_CreateThreadMgr () returned 0x0 [0209.255] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.255] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.255] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.256] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.256] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.256] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.256] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.256] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.256] TF_CreateThreadMgr () returned 0x0 [0209.256] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.256] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.257] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.257] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.257] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.257] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.257] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.257] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.258] TF_CreateThreadMgr () returned 0x0 [0209.258] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.258] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.258] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.258] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.258] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.259] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.259] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.259] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.259] TF_CreateThreadMgr () returned 0x0 [0209.260] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.260] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.260] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.260] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.260] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.260] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.260] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.260] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.261] TF_CreateThreadMgr () returned 0x0 [0209.261] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.261] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.261] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.261] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.261] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.261] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.261] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.261] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.262] TF_CreateThreadMgr () returned 0x0 [0209.262] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.262] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.263] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.263] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.263] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.263] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.264] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.264] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.264] TF_CreateThreadMgr () returned 0x0 [0209.264] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.264] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.272] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.272] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.272] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.272] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.272] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.272] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.272] TF_CreateThreadMgr () returned 0x0 [0209.272] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.272] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.273] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.273] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.273] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.273] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.273] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.273] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.273] TF_CreateThreadMgr () returned 0x0 [0209.273] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.273] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.274] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.274] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.274] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.274] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.274] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.274] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.274] TF_CreateThreadMgr () returned 0x0 [0209.274] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.275] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.277] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.277] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.277] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.277] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.277] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.277] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.277] TF_CreateThreadMgr () returned 0x0 [0209.277] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.277] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.278] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.278] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.278] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.278] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.278] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.278] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.278] TF_CreateThreadMgr () returned 0x0 [0209.278] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.279] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.279] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.279] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.279] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.279] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.279] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.279] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.279] TF_CreateThreadMgr () returned 0x0 [0209.280] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.280] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.280] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.280] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.280] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.281] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.281] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.281] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.281] TF_CreateThreadMgr () returned 0x0 [0209.281] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.281] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.281] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.281] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.281] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.282] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.282] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.282] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.282] TF_CreateThreadMgr () returned 0x0 [0209.282] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.282] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.283] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.283] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.283] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.283] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.283] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.283] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.284] TF_CreateThreadMgr () returned 0x0 [0209.284] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.284] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.284] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.284] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.284] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.285] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.285] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.285] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.285] TF_CreateThreadMgr () returned 0x0 [0209.285] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.285] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.285] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.285] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.285] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.286] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.286] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.286] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.286] TF_CreateThreadMgr () returned 0x0 [0209.286] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.286] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.286] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.287] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.287] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.287] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.287] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.287] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.287] TF_CreateThreadMgr () returned 0x0 [0209.287] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.287] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.288] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.288] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.288] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.288] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.288] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.288] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.288] TF_CreateThreadMgr () returned 0x0 [0209.288] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.288] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.289] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.289] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.289] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.289] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.289] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.289] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.289] TF_CreateThreadMgr () returned 0x0 [0209.289] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.289] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.290] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.290] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.290] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.290] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.290] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.290] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.290] TF_CreateThreadMgr () returned 0x0 [0209.290] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.291] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.291] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.291] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.291] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.291] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.291] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.291] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.291] TF_CreateThreadMgr () returned 0x0 [0209.292] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.292] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.292] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.292] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.292] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.292] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.292] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.292] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.293] TF_CreateThreadMgr () returned 0x0 [0209.293] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.293] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.293] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.293] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.293] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.293] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.293] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.294] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.294] TF_CreateThreadMgr () returned 0x0 [0209.294] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.294] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.294] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.294] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.294] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.294] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.295] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.295] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.295] TF_CreateThreadMgr () returned 0x0 [0209.295] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.295] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.295] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.295] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.295] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.295] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.296] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.296] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.296] TF_CreateThreadMgr () returned 0x0 [0209.297] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.297] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.297] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.297] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.297] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.297] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.298] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.298] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.298] TF_CreateThreadMgr () returned 0x0 [0209.298] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.298] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.298] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.298] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.298] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.299] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.299] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.299] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.299] TF_CreateThreadMgr () returned 0x0 [0209.299] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.299] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.299] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.299] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.299] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.300] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.300] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.300] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.300] TF_CreateThreadMgr () returned 0x0 [0209.300] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.300] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.300] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.301] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.301] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.301] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.301] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.301] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.301] TF_CreateThreadMgr () returned 0x0 [0209.301] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.301] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.302] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.302] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.302] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.302] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.302] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.302] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.302] TF_CreateThreadMgr () returned 0x0 [0209.302] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.302] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.303] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.303] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.303] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.303] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.303] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.303] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.303] TF_CreateThreadMgr () returned 0x0 [0209.303] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.303] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.304] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.304] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.304] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.304] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.304] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.304] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.304] TF_CreateThreadMgr () returned 0x0 [0209.304] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.305] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.305] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.305] DispatchMessageW (lpMsg=0x4ff464) returned 0x0 [0209.305] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.305] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.305] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.305] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.305] TF_CreateThreadMgr () returned 0x0 [0209.305] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.306] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.306] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.306] DispatchMessageW (lpMsg=0x4ff464) [0209.306] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.306] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.306] CallWindowProcW (lpPrevWndFunc=0x22e061e, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.306] CallWindowProcW (lpPrevWndFunc=0x75bb4410, hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 0x0 [0209.306] TF_CreateThreadMgr () returned 0x0 [0209.306] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.307] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.307] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.307] DispatchMessageW (lpMsg=0x4ff464) [0209.307] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.307] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.307] TF_CreateThreadMgr () returned 0x0 [0209.307] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.308] CoGetContextToken (in: pToken=0x4ff23c | out: pToken=0x4ff23c) returned 0x0 [0209.308] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.308] DispatchMessageW (lpMsg=0x4ff464) [0209.308] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.308] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0209.308] TF_CreateThreadMgr () returned 0x0 [0209.308] CoGetContextToken (in: pToken=0x4ff1a4 | out: pToken=0x4ff1a4) returned 0x0 [0209.309] TranslateMessage (lpMsg=0x4ff464) returned 0 [0209.309] DispatchMessageW (lpMsg=0x4ff464) [0209.309] MsgWaitForMultipleObjectsEx (nCount=0x0, pHandles=0x0, dwMilliseconds=0x0, dwWakeMask=0x200f, dwFlags=0x4) returned 0x102 [0209.309] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0210.389] GetUserNameW (in: lpBuffer=0x4fec18, pcbBuffer=0x4fee90 | out: lpBuffer="OqXZRaykm", pcbBuffer=0x4fee90) returned 1 [0210.398] LocalAlloc (uFlags=0x0, uBytes=0x5c) returned 0x8587d8 [0210.399] ShellExecuteExW (in: pExecInfo=0x27223f0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x27223f0*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0xaa8)) returned 1 [0215.998] LocalFree (hMem=0x8587d8) returned 0x0 [0216.008] CoGetContextToken (in: pToken=0x4fecf0 | out: pToken=0x4fecf0) returned 0x0 [0216.008] IUnknown:QueryInterface (in: This=0x7c4378, riid=0x6fbeb31c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4fed14 | out: ppvObject=0x4fed14*=0x7c4384) returned 0x0 [0216.008] IComThreadingInfo:GetCurrentThreadType (in: This=0x7c4384, pThreadType=0x4fed74 | out: pThreadType=0x4fed74*=1) returned 0x0 [0216.009] IUnknown:Release (This=0x7c4384) returned 0x1 [0216.010] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x791f60*=0x16c, lpdwindex=0x4feb9c | out: lpdwindex=0x4feb9c) returned 0x0 [0216.640] CoGetContextToken (in: pToken=0x4fdbec | out: pToken=0x4fdbec) returned 0x0 [0216.640] CoGetContextToken (in: pToken=0x4fdbcc | out: pToken=0x4fdbcc) returned 0x0 [0216.640] CoGetContextToken (in: pToken=0x4fdb50 | out: pToken=0x4fdb50) returned 0x0 [0216.641] CoGetContextToken (in: pToken=0x4fdb50 | out: pToken=0x4fdb50) returned 0x0 Thread: id = 2 os_tid = 0x84c Thread: id = 3 os_tid = 0x8ec Thread: id = 4 os_tid = 0x85c Thread: id = 5 os_tid = 0x840 [0174.722] CoGetContextToken (in: pToken=0x24ffc7c | out: pToken=0x24ffc7c) returned 0x800401f0 [0174.722] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0174.722] RoInitialize () returned 0x1 [0174.722] RoUninitialize () returned 0x0 [0195.592] RegCloseKey (hKey=0x324) returned 0x0 [0216.162] FreeLibrary (hLibModule=0x6abf0000) returned 1 [0216.162] FreeLibrary (hLibModule=0x6aa90000) returned 1 [0216.162] free (_Block=0x7e5c70) [0216.170] __std_type_info_destroy_list () returned 0x0 [0216.170] _free_base (_Block=0x7e5cf0) [0216.171] LocalFree (hMem=0x7e6dd0) returned 0x0 [0216.173] EtwEventUnregister (RegHandle=0x7df8d0) returned 0x0 [0216.173] EtwEventUnregister (RegHandle=0x7e0f98) returned 0x0 [0216.173] EtwEventUnregister (RegHandle=0x7e1148) returned 0x0 [0216.173] EtwEventUnregister (RegHandle=0x806260) returned 0x0 [0216.173] EtwEventUnregister (RegHandle=0x838ba8) returned 0x0 [0216.178] IsWindowUnicode (hWnd=0x601f4) returned 1 [0216.179] GetModuleHandleW (lpModuleName="user32.dll") returned 0x769d0000 [0216.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x24ff9bc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x0bmiû¹}\x84þ´o|üO\x02\x0fÕhw", lpUsedDefaultChar=0x0) returned 14 [0216.179] GetProcAddress (hModule=0x769d0000, lpProcName="DefWindowProcW") returned 0x75bb4410 [0216.180] PostMessageW (hWnd=0x601f4, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.180] IsWindowUnicode (hWnd=0x90064) returned 1 [0216.181] PostMessageW (hWnd=0x90064, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.181] IsWindowUnicode (hWnd=0x401ee) returned 1 [0216.181] PostMessageW (hWnd=0x401ee, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.181] IsWindowUnicode (hWnd=0x90052) returned 1 [0216.182] PostMessageW (hWnd=0x90052, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.182] IsWindowUnicode (hWnd=0x601fe) returned 1 [0216.182] PostMessageW (hWnd=0x601fe, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.182] IsWindowUnicode (hWnd=0x8006c) returned 1 [0216.183] PostMessageW (hWnd=0x8006c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0216.258] CloseHandle (hObject=0x458) returned 1 [0216.274] EtwEventUnregister (RegHandle=0x7dff90) returned 0x0 [0216.278] DestroyCursor (hCursor=0x13028f) returned 1 [0216.282] CloseColorProfile () returned 0x1 [0216.283] CloseColorProfile () returned 0x1 [0216.466] CertFreeCRLContext (pCrlContext=0x8417e8) returned 1 [0216.467] CertFreeCRLContext (pCrlContext=0x8414c8) returned 1 [0216.467] CertFreeCRLContext (pCrlContext=0x841d38) returned 1 [0216.468] CertCloseStore (hCertStore=0x84d1b0, dwFlags=0x0) returned 1 [0216.468] CertFreeCRLContext (pCrlContext=0x841d38) returned 1 [0216.468] CertFreeCRLContext (pCrlContext=0x841798) returned 1 [0216.469] DeleteSecurityContext (phContext=0x26643e4) returned 0x0 [0216.472] RegCloseKey (hKey=0x92c) returned 0x0 [0216.472] RegCloseKey (hKey=0x928) returned 0x0 [0216.473] setsockopt (s=0x714, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0216.474] closesocket (s=0x714) returned 0 [0216.476] RegCloseKey (hKey=0x924) returned 0x0 [0216.478] CertFreeCRLContext (pCrlContext=0x841658) returned 1 [0216.478] CertFreeCRLContext (pCrlContext=0x841518) returned 1 [0216.479] CertFreeCRLContext (pCrlContext=0x841478) returned 1 [0216.479] CertFreeCRLContext (pCrlContext=0x841888) returned 1 [0216.480] CertCloseStore (hCertStore=0x824260, dwFlags=0x0) returned 1 [0216.480] CertFreeCRLContext (pCrlContext=0x841888) returned 1 [0216.480] CertFreeCRLContext (pCrlContext=0x841748) returned 1 [0216.481] CertFreeCRLContext (pCrlContext=0x841b58) returned 1 [0216.482] FreeCredentialsHandle (phCredential=0x263403c) returned 0x0 [0216.483] DeleteSecurityContext (phContext=0x2634240) returned 0x0 [0216.484] RegCloseKey (hKey=0x920) returned 0x0 [0216.484] setsockopt (s=0x620, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0216.484] closesocket (s=0x620) returned 0 [0216.485] CloseHandle (hObject=0x624) returned 1 [0216.486] setsockopt (s=0x57c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0216.486] closesocket (s=0x57c) returned 0 [0216.486] CloseHandle (hObject=0x61c) returned 1 [0216.487] RegCloseKey (hKey=0x91c) returned 0x0 [0216.487] setsockopt (s=0x600, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0216.487] closesocket (s=0x600) returned 0 [0216.488] CloseHandle (hObject=0xaa8) returned 1 [0216.489] DestroyCursor (hCursor=0x14036f) returned 1 [0216.490] WinHttpCloseHandle (hInternet=0x81e7e8) returned 1 [0216.492] CloseHandle (hObject=0x514) returned 1 [0216.492] CloseHandle (hObject=0x510) returned 1 [0216.492] RegCloseKey (hKey=0x50c) returned 0x0 [0216.492] CloseHandle (hObject=0x508) returned 1 [0216.493] RegCloseKey (hKey=0x504) returned 0x0 [0216.496] CloseHandle (hObject=0x500) returned 1 [0216.497] RegCloseKey (hKey=0x4fc) returned 0x0 [0216.497] RegCloseKey (hKey=0x4f8) returned 0x0 [0216.497] CloseHandle (hObject=0x4e0) returned 1 [0216.498] setsockopt (s=0x4d4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0216.498] closesocket (s=0x4d4) returned 0 [0216.498] CloseHandle (hObject=0x4d8) returned 1 [0216.501] setsockopt (s=0x4cc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0216.501] closesocket (s=0x4cc) returned 0 [0216.502] CloseHandle (hObject=0x4d0) returned 1 [0216.504] LocalFree (hMem=0x7f1768) returned 0x0 [0216.505] CloseHandle (hObject=0x464) returned 1 [0216.505] UnmapViewOfFile (lpBaseAddress=0x4990000) returned 1 [0216.507] RegCloseKey (hKey=0x80000004) returned 0x0 [0216.635] CoGetContextToken (in: pToken=0x24ff8a4 | out: pToken=0x24ff8a4) returned 0x0 [0216.635] CoGetContextToken (in: pToken=0x24ff828 | out: pToken=0x24ff828) returned 0x0 [0216.635] CoGetContextToken (in: pToken=0x24ff828 | out: pToken=0x24ff828) returned 0x0 [0216.635] CoGetContextToken (in: pToken=0x24ff828 | out: pToken=0x24ff828) returned 0x0 [0216.635] Windows::Foundation::Diagnostics::AsyncCausalityTracerFactory::Release () returned 0x2 [0216.635] Release () returned 0x1 [0216.635] CoGetContextToken (in: pToken=0x24ff828 | out: pToken=0x24ff828) returned 0x0 [0216.635] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x1 [0216.636] Windows::Foundation::Diagnostics::TracingStatusChangedEventArgs::Release () returned 0x0 [0216.636] CoGetContextToken (in: pToken=0x24ff8a4 | out: pToken=0x24ff8a4) returned 0x0 [0216.636] IUnknown:QueryInterface (in: This=0x7c4378, riid=0x6fd08bb0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x24ff844 | out: ppvObject=0x24ff844*=0x7c4388) returned 0x0 [0216.636] CObjectContext::ContextCallback () returned 0x0 [0216.641] IUnknown:Release (This=0x7c4388) returned 0x1 [0216.641] IUnknown:Release (This=0x7c4378) returned 0x0 Thread: id = 6 os_tid = 0xa94 [0195.829] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0195.830] CoGetContextToken (in: pToken=0x4bafd44 | out: pToken=0x4bafd44) returned 0x0 [0195.830] CObjectContext::QueryInterface () returned 0x0 [0195.830] CObjectContext::GetCurrentThreadType () returned 0x0 [0195.830] Release () returned 0x0 [0195.830] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0195.831] CoUninitialize () [0195.831] RoInitialize () returned 0x1 [0195.831] RoUninitialize () returned 0x0 [0195.835] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", nBufferLength=0x104, lpBuffer=0x7f1768, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", lpFilePart=0x0) returned 0x44 [0195.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x4baf818) returned 1 [0195.835] CreateFileW (lpFileName="C:\\Windows\\system32\\spool\\drivers\\color\\sRGB Color Space Profile.icm" (normalized: "c:\\windows\\system32\\spool\\drivers\\color\\srgb color space profile.icm"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x458 [0195.835] GetFileType (hFile=0x458) returned 0x1 [0195.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x4baf814) returned 1 [0195.835] GetFileType (hFile=0x458) returned 0x1 [0195.835] GetFileSize (in: hFile=0x458, lpFileSizeHigh=0x4baf938 | out: lpFileSizeHigh=0x4baf938*=0x0) returned 0xc48 Thread: id = 7 os_tid = 0x4dc Thread: id = 8 os_tid = 0x5e0 Thread: id = 9 os_tid = 0x34 Thread: id = 10 os_tid = 0x2f0 [0198.818] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0198.818] RoInitialize () returned 0x1 [0198.818] RoUninitialize () returned 0x0 [0198.826] ResetEvent (hEvent=0x3cc) returned 1 Thread: id = 11 os_tid = 0x8a4 Thread: id = 12 os_tid = 0x874 Thread: id = 13 os_tid = 0xa34 Thread: id = 14 os_tid = 0xe44 Thread: id = 15 os_tid = 0xa5c [0201.275] CoGetContextToken (in: pToken=0x56afeb4 | out: pToken=0x56afeb4) returned 0x0 [0201.275] CObjectContext::QueryInterface () returned 0x0 [0201.275] CObjectContext::GetCurrentThreadType () returned 0x0 [0201.275] Release () returned 0x0 [0201.275] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0201.275] RoInitialize () returned 0x1 [0201.276] RoUninitialize () returned 0x0 Thread: id = 16 os_tid = 0xcf8 [0201.959] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0201.959] CoGetContextToken (in: pToken=0x57efc2c | out: pToken=0x57efc2c) returned 0x0 [0201.959] CObjectContext::QueryInterface () returned 0x0 [0201.959] CObjectContext::GetCurrentThreadType () returned 0x0 [0201.959] Release () returned 0x0 [0201.959] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0201.959] CoUninitialize () [0201.959] RoInitialize () returned 0x1 [0201.959] RoUninitialize () returned 0x0 [0201.974] WSARecv (in: s=0x600, lpBuffers=0x26cc57c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef554, lpFlags=0x57ef584*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26cc57c*=((len=0x5, buf=0x2649ed4*)), lpNumberOfBytesRecvd=0x57ef554*=0x5, lpFlags=0x57ef584*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.976] WSARecv (in: s=0x600, lpBuffers=0x26ccc68, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ccc68*=((len=0x572, buf=0x2649ed9*)), lpNumberOfBytesRecvd=0x57ef73c*=0x572, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.976] DecryptMessage (in: phContext=0x2634240, pMessage=0x26ccd70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ccd70, pfQOP=0x0) returned 0x0 [0201.977] WSARecv (in: s=0x600, lpBuffers=0x26cd808, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef520, lpFlags=0x57ef550*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26cd808*=((len=0x5, buf=0x2649ed4*)), lpNumberOfBytesRecvd=0x57ef520*=0x5, lpFlags=0x57ef550*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.978] WSARecv (in: s=0x600, lpBuffers=0x26cd8d8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26cd8d8*=((len=0x572, buf=0x2649ed9*)), lpNumberOfBytesRecvd=0x57ef73c*=0x572, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.978] DecryptMessage (in: phContext=0x2634240, pMessage=0x26cd9e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26cd9e0, pfQOP=0x0) returned 0x0 [0201.979] WSARecv (in: s=0x600, lpBuffers=0x26cdb28, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef520, lpFlags=0x57ef550*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26cdb28*=((len=0x5, buf=0x2649ed4*)), lpNumberOfBytesRecvd=0x57ef520*=0x5, lpFlags=0x57ef550*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.979] WSARecv (in: s=0x600, lpBuffers=0x26cdbf8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8, lpCompletionRoutine=0x0 | out: lpBuffers=0x26cdbf8*=((len=0x301, buf=0x2649ed9*)), lpNumberOfBytesRecvd=0x57ef73c*=0x301, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cbcb8) returned 0 [0201.980] DecryptMessage (in: phContext=0x2634240, pMessage=0x26cdd00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26cdd00, pfQOP=0x0) returned 0x0 [0201.984] select (in: nfds=0, readfds=0x26cfe9c, writefds=0x0, exceptfds=0x0, timeout=0x57ef4f4*(tv_sec=0, tv_usec=0) | out: readfds=0x26cfe9c, writefds=0x0, exceptfds=0x0) returned 0 [0201.985] EncryptMessage (in: phContext=0x26643e4, fQOP=0x0, pMessage=0x26d0200, MessageSeqNo=0x0 | out: pMessage=0x26d0200) returned 0x0 [0201.986] WSASend (in: s=0x714, lpBuffers=0x26d02dc*=((len=0x7a, buf=0x263b248*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x57ef2f0, dwFlags=0x0, lpOverlapped=0x26ccabc, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x57ef2f0*=0x7a, lpOverlapped=0x26ccabc) returned 0 [0201.988] WSARecv (in: s=0x714, lpBuffers=0x26d04d8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef554, lpFlags=0x57ef584*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26d04d8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef554*=0x0, lpFlags=0x57ef584*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.337] WSARecv (in: s=0x714, lpBuffers=0x26d16c0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26d16c0*=((len=0x3a5, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x3a5, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.339] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26d17c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26d17c8, pfQOP=0x0) returned 0x0 [0202.380] WSARecv (in: s=0x714, lpBuffers=0x26e29c8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef2c0, lpFlags=0x57ef2f0*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e29c8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef2c0*=0x5, lpFlags=0x57ef2f0*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.380] WSARecv (in: s=0x714, lpBuffers=0x26e2a98, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e2a98*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.385] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e2ba0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e2ba0, pfQOP=0x0) returned 0x0 [0202.386] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.409] PostMessageW (hWnd=0x401ee, Msg=0xc150, wParam=0x0, lParam=0x0) returned 1 [0202.411] WSARecv (in: s=0x714, lpBuffers=0x26e2e6c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e2e6c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.411] WSARecv (in: s=0x714, lpBuffers=0x26e2f3c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e2f3c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.411] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e3044, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3044, pfQOP=0x0) returned 0x0 [0202.411] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.412] WSARecv (in: s=0x714, lpBuffers=0x26e32f4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e32f4*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.412] WSARecv (in: s=0x714, lpBuffers=0x26e33c4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e33c4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.413] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e34cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e34cc, pfQOP=0x0) returned 0x0 [0202.413] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.413] WSARecv (in: s=0x714, lpBuffers=0x26e377c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e377c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.414] WSARecv (in: s=0x714, lpBuffers=0x26e384c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e384c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.414] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e3954, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3954, pfQOP=0x0) returned 0x0 [0202.414] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.415] WSARecv (in: s=0x714, lpBuffers=0x26e3c04, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e3c04*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.415] WSARecv (in: s=0x714, lpBuffers=0x26e3cd4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e3cd4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.415] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e3ddc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e3ddc, pfQOP=0x0) returned 0x0 [0202.415] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.416] WSARecv (in: s=0x714, lpBuffers=0x26e4098, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4098*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.417] WSARecv (in: s=0x714, lpBuffers=0x26e4168, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4168*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.417] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e4270, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4270, pfQOP=0x0) returned 0x0 [0202.417] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.418] WSARecv (in: s=0x714, lpBuffers=0x26e4520, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4520*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.418] WSARecv (in: s=0x714, lpBuffers=0x26e45f0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e45f0*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.418] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e46f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e46f8, pfQOP=0x0) returned 0x0 [0202.418] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.419] WSARecv (in: s=0x714, lpBuffers=0x26e49a8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e49a8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.419] WSARecv (in: s=0x714, lpBuffers=0x26e4a78, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4a78*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.419] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e4b80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e4b80, pfQOP=0x0) returned 0x0 [0202.419] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.420] WSARecv (in: s=0x714, lpBuffers=0x26e4e30, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4e30*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.503] WSARecv (in: s=0x714, lpBuffers=0x26e4f00, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e4f00*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.504] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e5008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5008, pfQOP=0x0) returned 0x0 [0202.504] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.505] WSARecv (in: s=0x714, lpBuffers=0x26e52b8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e52b8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.505] WSARecv (in: s=0x714, lpBuffers=0x26e5388, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e5388*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.505] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e5490, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5490, pfQOP=0x0) returned 0x0 [0202.505] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.506] WSARecv (in: s=0x714, lpBuffers=0x26e5740, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e5740*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.506] WSARecv (in: s=0x714, lpBuffers=0x26e5810, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e5810*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.507] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e5918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5918, pfQOP=0x0) returned 0x0 [0202.507] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.507] WSARecv (in: s=0x714, lpBuffers=0x26e5bc8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e5bc8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.508] WSARecv (in: s=0x714, lpBuffers=0x26e5c98, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e5c98*=((len=0x3b49, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x3b49, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.508] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e5da0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e5da0, pfQOP=0x0) returned 0x0 [0202.508] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x3b31, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x3b31, lpOverlapped=0x0) returned 1 [0202.509] WSARecv (in: s=0x714, lpBuffers=0x26e605c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e605c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.509] WSARecv (in: s=0x714, lpBuffers=0x26e612c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e612c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.510] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e6234, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6234, pfQOP=0x0) returned 0x0 [0202.510] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.510] WSARecv (in: s=0x714, lpBuffers=0x26e64e4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e64e4*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.511] WSARecv (in: s=0x714, lpBuffers=0x26e65b4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e65b4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.511] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e66bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e66bc, pfQOP=0x0) returned 0x0 [0202.511] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.512] WSARecv (in: s=0x714, lpBuffers=0x26e696c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e696c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.512] WSARecv (in: s=0x714, lpBuffers=0x26e6a3c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e6a3c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.512] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e6b44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6b44, pfQOP=0x0) returned 0x0 [0202.513] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.513] WSARecv (in: s=0x714, lpBuffers=0x26e6df4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e6df4*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.514] WSARecv (in: s=0x714, lpBuffers=0x26e6ec4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e6ec4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.514] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e6fcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e6fcc, pfQOP=0x0) returned 0x0 [0202.514] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.515] WSARecv (in: s=0x714, lpBuffers=0x26e727c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e727c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.515] WSARecv (in: s=0x714, lpBuffers=0x26e734c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e734c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.517] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e7454, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7454, pfQOP=0x0) returned 0x0 [0202.517] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.518] WSARecv (in: s=0x714, lpBuffers=0x26e7704, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e7704*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.519] WSARecv (in: s=0x714, lpBuffers=0x26e77d4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e77d4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.519] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e78dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e78dc, pfQOP=0x0) returned 0x0 [0202.519] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.520] WSARecv (in: s=0x714, lpBuffers=0x26e7b8c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e7b8c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.520] WSARecv (in: s=0x714, lpBuffers=0x26e7c5c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e7c5c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.520] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e7d64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e7d64, pfQOP=0x0) returned 0x0 [0202.520] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.521] WSARecv (in: s=0x714, lpBuffers=0x26e8020, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8020*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.522] WSARecv (in: s=0x714, lpBuffers=0x26e80f0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e80f0*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.522] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e81f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e81f8, pfQOP=0x0) returned 0x0 [0202.522] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.523] WSARecv (in: s=0x714, lpBuffers=0x26e84a8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e84a8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.523] WSARecv (in: s=0x714, lpBuffers=0x26e8578, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8578*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.523] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e8680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e8680, pfQOP=0x0) returned 0x0 [0202.523] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.529] WSARecv (in: s=0x714, lpBuffers=0x26e8930, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8930*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.533] WSARecv (in: s=0x714, lpBuffers=0x26e8a00, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8a00*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.533] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e8b08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e8b08, pfQOP=0x0) returned 0x0 [0202.534] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.534] WSARecv (in: s=0x714, lpBuffers=0x26e8db8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8db8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.535] WSARecv (in: s=0x714, lpBuffers=0x26e8e88, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e8e88*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.535] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e8f90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e8f90, pfQOP=0x0) returned 0x0 [0202.535] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.536] WSARecv (in: s=0x714, lpBuffers=0x26e9240, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9240*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.536] WSARecv (in: s=0x714, lpBuffers=0x26e9310, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9310*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.536] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e9418, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e9418, pfQOP=0x0) returned 0x0 [0202.536] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.537] WSARecv (in: s=0x714, lpBuffers=0x26e96c8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e96c8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.538] WSARecv (in: s=0x714, lpBuffers=0x26e9798, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9798*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.538] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e98a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e98a0, pfQOP=0x0) returned 0x0 [0202.538] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.539] WSARecv (in: s=0x714, lpBuffers=0x26e9b50, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9b50*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.539] WSARecv (in: s=0x714, lpBuffers=0x26e9c20, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9c20*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.539] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26e9d28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26e9d28, pfQOP=0x0) returned 0x0 [0202.539] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.540] WSARecv (in: s=0x714, lpBuffers=0x26e9fd8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26e9fd8*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.541] WSARecv (in: s=0x714, lpBuffers=0x26ea0b4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ea0b4*=((len=0x2727, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x2727, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.541] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ea1bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ea1bc, pfQOP=0x0) returned 0x0 [0202.541] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x270f, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x270f, lpOverlapped=0x0) returned 1 [0202.542] WSARecv (in: s=0x714, lpBuffers=0x26ea46c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ea46c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.542] WSARecv (in: s=0x714, lpBuffers=0x26ea53c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ea53c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.542] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ea644, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ea644, pfQOP=0x0) returned 0x0 [0202.542] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.543] WSARecv (in: s=0x714, lpBuffers=0x26ea8f4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ea8f4*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.543] WSARecv (in: s=0x714, lpBuffers=0x26ea9c4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ea9c4*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.544] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26eaacc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26eaacc, pfQOP=0x0) returned 0x0 [0202.544] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.544] WSARecv (in: s=0x714, lpBuffers=0x26ead7c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ead7c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.545] WSARecv (in: s=0x714, lpBuffers=0x26eae4c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eae4c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.545] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26eaf54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26eaf54, pfQOP=0x0) returned 0x0 [0202.545] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.605] WSARecv (in: s=0x714, lpBuffers=0x26eb6ec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eb6ec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.605] WSARecv (in: s=0x714, lpBuffers=0x26eb7bc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eb7bc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.605] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26eb8c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26eb8c4, pfQOP=0x0) returned 0x0 [0202.606] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.607] WSARecv (in: s=0x714, lpBuffers=0x26ebb74, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ebb74*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.608] WSARecv (in: s=0x714, lpBuffers=0x26ebc44, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ebc44*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.608] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ebd4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ebd4c, pfQOP=0x0) returned 0x0 [0202.608] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.610] WSARecv (in: s=0x714, lpBuffers=0x26ec008, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec008*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.611] WSARecv (in: s=0x714, lpBuffers=0x26ec0d8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec0d8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.614] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ec1e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ec1e0, pfQOP=0x0) returned 0x0 [0202.614] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.618] WSARecv (in: s=0x714, lpBuffers=0x26ec490, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec490*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.618] WSARecv (in: s=0x714, lpBuffers=0x26ec560, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec560*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.624] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ec668, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ec668, pfQOP=0x0) returned 0x0 [0202.624] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.625] WSARecv (in: s=0x714, lpBuffers=0x26ec918, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec918*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.626] WSARecv (in: s=0x714, lpBuffers=0x26ec9e8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ec9e8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.626] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ecaf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ecaf0, pfQOP=0x0) returned 0x0 [0202.626] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.627] WSARecv (in: s=0x714, lpBuffers=0x26ecda0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ecda0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.629] WSARecv (in: s=0x714, lpBuffers=0x26ece70, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ece70*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.629] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ecf78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ecf78, pfQOP=0x0) returned 0x0 [0202.630] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.630] WSARecv (in: s=0x714, lpBuffers=0x26ed228, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ed228*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.631] WSARecv (in: s=0x714, lpBuffers=0x26ed2f8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ed2f8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.631] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ed400, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ed400, pfQOP=0x0) returned 0x0 [0202.631] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.632] WSARecv (in: s=0x714, lpBuffers=0x26ed6b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ed6b0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.632] WSARecv (in: s=0x714, lpBuffers=0x26ed780, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ed780*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.633] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ed888, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ed888, pfQOP=0x0) returned 0x0 [0202.633] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.633] WSARecv (in: s=0x714, lpBuffers=0x26edb38, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26edb38*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.634] WSARecv (in: s=0x714, lpBuffers=0x26edc08, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26edc08*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.634] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26edd10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26edd10, pfQOP=0x0) returned 0x0 [0202.634] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.635] WSARecv (in: s=0x714, lpBuffers=0x26edfc0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26edfc0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.636] WSARecv (in: s=0x714, lpBuffers=0x26ee09c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ee09c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.636] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ee1a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ee1a4, pfQOP=0x0) returned 0x0 [0202.636] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.637] WSARecv (in: s=0x714, lpBuffers=0x26ee454, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ee454*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.637] WSARecv (in: s=0x714, lpBuffers=0x26ee524, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ee524*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.638] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ee62c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ee62c, pfQOP=0x0) returned 0x0 [0202.638] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.639] WSARecv (in: s=0x714, lpBuffers=0x26ee8dc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ee8dc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.639] WSARecv (in: s=0x714, lpBuffers=0x26ee9ac, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ee9ac*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.639] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26eeab4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26eeab4, pfQOP=0x0) returned 0x0 [0202.639] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.640] WSARecv (in: s=0x714, lpBuffers=0x26eed64, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eed64*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.640] WSARecv (in: s=0x714, lpBuffers=0x26eee34, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eee34*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.641] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26eef3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26eef3c, pfQOP=0x0) returned 0x0 [0202.641] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.642] WSARecv (in: s=0x714, lpBuffers=0x26ef1ec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ef1ec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.642] WSARecv (in: s=0x714, lpBuffers=0x26ef2bc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ef2bc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.642] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ef3c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ef3c4, pfQOP=0x0) returned 0x0 [0202.642] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.644] WSARecv (in: s=0x714, lpBuffers=0x26ef674, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ef674*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.644] WSARecv (in: s=0x714, lpBuffers=0x26ef744, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ef744*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.644] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ef84c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ef84c, pfQOP=0x0) returned 0x0 [0202.644] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.645] WSARecv (in: s=0x714, lpBuffers=0x26efafc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26efafc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.646] WSARecv (in: s=0x714, lpBuffers=0x26efbcc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26efbcc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.646] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26efcd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26efcd4, pfQOP=0x0) returned 0x0 [0202.646] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.647] WSARecv (in: s=0x714, lpBuffers=0x26eff84, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26eff84*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.647] WSARecv (in: s=0x714, lpBuffers=0x26f0060, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f0060*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.647] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f0168, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f0168, pfQOP=0x0) returned 0x0 [0202.648] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.648] WSARecv (in: s=0x714, lpBuffers=0x26f0418, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f0418*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.649] WSARecv (in: s=0x714, lpBuffers=0x26f04e8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f04e8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.649] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f05f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f05f0, pfQOP=0x0) returned 0x0 [0202.649] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.650] WSARecv (in: s=0x714, lpBuffers=0x26f08a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f08a0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.650] WSARecv (in: s=0x714, lpBuffers=0x26f0970, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f0970*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.651] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f0a78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f0a78, pfQOP=0x0) returned 0x0 [0202.651] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.653] WSARecv (in: s=0x714, lpBuffers=0x26f0d28, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f0d28*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.653] WSARecv (in: s=0x714, lpBuffers=0x26f0df8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f0df8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.653] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f0f00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f0f00, pfQOP=0x0) returned 0x0 [0202.654] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.654] WSARecv (in: s=0x714, lpBuffers=0x26f11b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f11b0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.655] WSARecv (in: s=0x714, lpBuffers=0x26f1280, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f1280*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.656] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f1388, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f1388, pfQOP=0x0) returned 0x0 [0202.656] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.657] WSARecv (in: s=0x714, lpBuffers=0x26f1638, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f1638*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.657] WSARecv (in: s=0x714, lpBuffers=0x26f1708, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f1708*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.657] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f1810, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f1810, pfQOP=0x0) returned 0x0 [0202.657] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.711] WSARecv (in: s=0x714, lpBuffers=0x26f1be0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f1be0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.754] WSARecv (in: s=0x714, lpBuffers=0x26f2580, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f2580*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.755] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f2688, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f2688, pfQOP=0x0) returned 0x0 [0202.755] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.756] WSARecv (in: s=0x714, lpBuffers=0x26f2938, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f2938*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.756] WSARecv (in: s=0x714, lpBuffers=0x26f2a08, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f2a08*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.756] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f2b10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f2b10, pfQOP=0x0) returned 0x0 [0202.756] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.757] WSARecv (in: s=0x714, lpBuffers=0x26f2dc0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f2dc0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.758] WSARecv (in: s=0x714, lpBuffers=0x26f2e90, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f2e90*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.758] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f2f98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f2f98, pfQOP=0x0) returned 0x0 [0202.758] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.759] WSARecv (in: s=0x714, lpBuffers=0x26f3248, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f3248*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.759] WSARecv (in: s=0x714, lpBuffers=0x26f3318, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f3318*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.759] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f3420, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f3420, pfQOP=0x0) returned 0x0 [0202.759] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.760] WSARecv (in: s=0x714, lpBuffers=0x26f36d0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f36d0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.760] WSARecv (in: s=0x714, lpBuffers=0x26f37a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f37a0*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.761] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f38a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f38a8, pfQOP=0x0) returned 0x0 [0202.761] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.762] WSARecv (in: s=0x714, lpBuffers=0x26f3b58, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f3b58*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.762] WSARecv (in: s=0x714, lpBuffers=0x26f3c28, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f3c28*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.762] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f3d30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f3d30, pfQOP=0x0) returned 0x0 [0202.762] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.763] WSARecv (in: s=0x714, lpBuffers=0x26f3fec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f3fec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.764] WSARecv (in: s=0x714, lpBuffers=0x26f40bc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f40bc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.764] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f41c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f41c4, pfQOP=0x0) returned 0x0 [0202.764] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.765] WSARecv (in: s=0x714, lpBuffers=0x26f4474, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f4474*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.765] WSARecv (in: s=0x714, lpBuffers=0x26f4544, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f4544*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.766] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f464c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f464c, pfQOP=0x0) returned 0x0 [0202.766] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.766] WSARecv (in: s=0x714, lpBuffers=0x26f48fc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f48fc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.767] WSARecv (in: s=0x714, lpBuffers=0x26f49cc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f49cc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.767] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f4ad4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f4ad4, pfQOP=0x0) returned 0x0 [0202.767] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.769] WSARecv (in: s=0x714, lpBuffers=0x26f4d84, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f4d84*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.769] WSARecv (in: s=0x714, lpBuffers=0x26f4e54, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f4e54*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.769] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f4f5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f4f5c, pfQOP=0x0) returned 0x0 [0202.769] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.770] WSARecv (in: s=0x714, lpBuffers=0x26f520c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f520c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.770] WSARecv (in: s=0x714, lpBuffers=0x26f52dc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f52dc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.771] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f53e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f53e4, pfQOP=0x0) returned 0x0 [0202.771] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.772] WSARecv (in: s=0x714, lpBuffers=0x26f5694, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f5694*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.772] WSARecv (in: s=0x714, lpBuffers=0x26f5764, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f5764*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.772] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f586c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f586c, pfQOP=0x0) returned 0x0 [0202.772] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.773] WSARecv (in: s=0x714, lpBuffers=0x26f5b1c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f5b1c*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.773] WSARecv (in: s=0x714, lpBuffers=0x26f5bec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f5bec*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.774] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f5cf4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f5cf4, pfQOP=0x0) returned 0x0 [0202.774] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.789] WSARecv (in: s=0x714, lpBuffers=0x26f5fa4, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f5fa4*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.790] WSARecv (in: s=0x714, lpBuffers=0x26f6080, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6080*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.790] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f6188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f6188, pfQOP=0x0) returned 0x0 [0202.791] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.792] WSARecv (in: s=0x714, lpBuffers=0x26f6438, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6438*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.792] WSARecv (in: s=0x714, lpBuffers=0x26f6508, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6508*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.792] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f6610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f6610, pfQOP=0x0) returned 0x0 [0202.792] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.793] WSARecv (in: s=0x714, lpBuffers=0x26f68c0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f68c0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.793] WSARecv (in: s=0x714, lpBuffers=0x26f6990, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6990*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.794] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f6a98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f6a98, pfQOP=0x0) returned 0x0 [0202.794] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.795] WSARecv (in: s=0x714, lpBuffers=0x26f6d48, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6d48*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.795] WSARecv (in: s=0x714, lpBuffers=0x26f6e18, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f6e18*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.795] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f6f20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f6f20, pfQOP=0x0) returned 0x0 [0202.795] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.796] WSARecv (in: s=0x714, lpBuffers=0x26f71d0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f71d0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.797] WSARecv (in: s=0x714, lpBuffers=0x26f72a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f72a0*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.797] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f73a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f73a8, pfQOP=0x0) returned 0x0 [0202.797] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0202.798] WSARecv (in: s=0x714, lpBuffers=0x26f7658, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f7658*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.798] WSARecv (in: s=0x714, lpBuffers=0x26f7728, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f7728*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0202.798] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f7830, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f7830, pfQOP=0x0) returned 0x0 [0202.798] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.090] WSARecv (in: s=0x714, lpBuffers=0x26f7b28, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f7b28*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.090] WSARecv (in: s=0x714, lpBuffers=0x26f7bf8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f7bf8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.091] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f7d00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f7d00, pfQOP=0x0) returned 0x0 [0203.091] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.092] WSARecv (in: s=0x714, lpBuffers=0x26f7fb0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f7fb0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.093] WSARecv (in: s=0x714, lpBuffers=0x26f808c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f808c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.093] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f8194, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f8194, pfQOP=0x0) returned 0x0 [0203.093] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.094] WSARecv (in: s=0x714, lpBuffers=0x26f8444, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f8444*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.094] WSARecv (in: s=0x714, lpBuffers=0x26f8514, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f8514*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.095] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f861c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f861c, pfQOP=0x0) returned 0x0 [0203.095] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.096] WSARecv (in: s=0x714, lpBuffers=0x26f88cc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f88cc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.096] WSARecv (in: s=0x714, lpBuffers=0x26f899c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f899c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.097] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f8aa4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f8aa4, pfQOP=0x0) returned 0x0 [0203.097] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.097] WSARecv (in: s=0x714, lpBuffers=0x26f8d54, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f8d54*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.098] WSARecv (in: s=0x714, lpBuffers=0x26f8e24, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f8e24*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.098] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f8f2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f8f2c, pfQOP=0x0) returned 0x0 [0203.098] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.098] WSARecv (in: s=0x714, lpBuffers=0x26f91dc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f91dc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.099] WSARecv (in: s=0x714, lpBuffers=0x26f92ac, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f92ac*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.099] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f93b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f93b4, pfQOP=0x0) returned 0x0 [0203.099] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.100] WSARecv (in: s=0x714, lpBuffers=0x26f9664, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f9664*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.100] WSARecv (in: s=0x714, lpBuffers=0x26f9734, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f9734*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.100] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f983c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f983c, pfQOP=0x0) returned 0x0 [0203.100] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.101] WSARecv (in: s=0x714, lpBuffers=0x26f9aec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f9aec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.101] WSARecv (in: s=0x714, lpBuffers=0x26f9bbc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f9bbc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.101] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26f9cc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26f9cc4, pfQOP=0x0) returned 0x0 [0203.102] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.102] WSARecv (in: s=0x714, lpBuffers=0x26f9f74, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26f9f74*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.103] WSARecv (in: s=0x714, lpBuffers=0x26fa050, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fa050*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.103] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fa158, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fa158, pfQOP=0x0) returned 0x0 [0203.103] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.104] WSARecv (in: s=0x714, lpBuffers=0x26fa408, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fa408*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.104] WSARecv (in: s=0x714, lpBuffers=0x26fa4d8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fa4d8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.105] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fa5e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fa5e0, pfQOP=0x0) returned 0x0 [0203.105] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.106] WSARecv (in: s=0x714, lpBuffers=0x26fa890, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fa890*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.106] WSARecv (in: s=0x714, lpBuffers=0x26fa960, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fa960*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.107] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26faa68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26faa68, pfQOP=0x0) returned 0x0 [0203.107] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.107] WSARecv (in: s=0x714, lpBuffers=0x26fad18, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fad18*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.108] WSARecv (in: s=0x714, lpBuffers=0x26fade8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fade8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.108] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26faef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26faef0, pfQOP=0x0) returned 0x0 [0203.108] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.108] WSARecv (in: s=0x714, lpBuffers=0x26fb1a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fb1a0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.109] WSARecv (in: s=0x714, lpBuffers=0x26fb270, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fb270*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.109] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fb378, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fb378, pfQOP=0x0) returned 0x0 [0203.109] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.110] WSARecv (in: s=0x714, lpBuffers=0x26fb628, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fb628*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.110] WSARecv (in: s=0x714, lpBuffers=0x26fb6f8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fb6f8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.110] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fb800, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fb800, pfQOP=0x0) returned 0x0 [0203.110] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.111] WSARecv (in: s=0x714, lpBuffers=0x26fbab0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fbab0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.111] WSARecv (in: s=0x714, lpBuffers=0x26fbb80, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fbb80*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.111] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fbc88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fbc88, pfQOP=0x0) returned 0x0 [0203.112] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.116] WSARecv (in: s=0x714, lpBuffers=0x26fbf38, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fbf38*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.116] WSARecv (in: s=0x714, lpBuffers=0x26fc014, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fc014*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.117] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fc11c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fc11c, pfQOP=0x0) returned 0x0 [0203.117] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.117] WSARecv (in: s=0x714, lpBuffers=0x26fc3cc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fc3cc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.118] WSARecv (in: s=0x714, lpBuffers=0x26fc49c, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fc49c*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.118] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fc5a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fc5a4, pfQOP=0x0) returned 0x0 [0203.118] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.119] WSARecv (in: s=0x714, lpBuffers=0x26fc854, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fc854*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.119] WSARecv (in: s=0x714, lpBuffers=0x26fc924, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fc924*=((len=0x1358, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x1358, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.119] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fca2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fca2c, pfQOP=0x0) returned 0x0 [0203.120] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x1340, lpOverlapped=0x0) returned 1 [0203.120] WSARecv (in: s=0x714, lpBuffers=0x26fccdc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fccdc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.120] WSARecv (in: s=0x714, lpBuffers=0x26fcdac, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fcdac*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.120] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fceb4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fceb4, pfQOP=0x0) returned 0x0 [0203.121] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.121] WSARecv (in: s=0x714, lpBuffers=0x26fd164, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fd164*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.122] WSARecv (in: s=0x714, lpBuffers=0x26fd234, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fd234*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.122] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fd33c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fd33c, pfQOP=0x0) returned 0x0 [0203.122] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.123] WSARecv (in: s=0x714, lpBuffers=0x26fd5ec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fd5ec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.123] WSARecv (in: s=0x714, lpBuffers=0x26fd6bc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fd6bc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.123] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fd7c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fd7c4, pfQOP=0x0) returned 0x0 [0203.123] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.124] WSARecv (in: s=0x714, lpBuffers=0x26fda74, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fda74*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.124] WSARecv (in: s=0x714, lpBuffers=0x26fdb44, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fdb44*=((len=0x2758, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x2758, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.124] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fdc4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fdc4c, pfQOP=0x0) returned 0x0 [0203.124] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x2740, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x2740, lpOverlapped=0x0) returned 1 [0203.125] WSARecv (in: s=0x714, lpBuffers=0x26fdefc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fdefc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.125] WSARecv (in: s=0x714, lpBuffers=0x26fdfcc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fdfcc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.126] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fe0e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fe0e0, pfQOP=0x0) returned 0x0 [0203.126] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.126] WSARecv (in: s=0x714, lpBuffers=0x26fe390, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fe390*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.127] WSARecv (in: s=0x714, lpBuffers=0x26fe460, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fe460*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.127] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fe568, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fe568, pfQOP=0x0) returned 0x0 [0203.127] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.180] WSARecv (in: s=0x714, lpBuffers=0x26fe818, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fe818*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.188] WSARecv (in: s=0x714, lpBuffers=0x26fe8e8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fe8e8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.188] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fe9f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fe9f0, pfQOP=0x0) returned 0x0 [0203.188] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.189] WSARecv (in: s=0x714, lpBuffers=0x26feca0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26feca0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.189] WSARecv (in: s=0x714, lpBuffers=0x26fed70, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fed70*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.189] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26fee78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26fee78, pfQOP=0x0) returned 0x0 [0203.189] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.190] WSARecv (in: s=0x714, lpBuffers=0x26ff128, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ff128*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.190] WSARecv (in: s=0x714, lpBuffers=0x26ff1f8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ff1f8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.191] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ff300, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ff300, pfQOP=0x0) returned 0x0 [0203.191] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.192] WSARecv (in: s=0x714, lpBuffers=0x26ff5b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ff5b0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.192] WSARecv (in: s=0x714, lpBuffers=0x26ff680, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ff680*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.193] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ff788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ff788, pfQOP=0x0) returned 0x0 [0203.193] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.193] WSARecv (in: s=0x714, lpBuffers=0x26ffa38, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ffa38*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.194] WSARecv (in: s=0x714, lpBuffers=0x26ffb08, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ffb08*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.194] DecryptMessage (in: phContext=0x26643e4, pMessage=0x26ffc10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26ffc10, pfQOP=0x0) returned 0x0 [0203.194] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.194] WSARecv (in: s=0x714, lpBuffers=0x26ffec0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26ffec0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.195] WSARecv (in: s=0x714, lpBuffers=0x26fff90, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x26fff90*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.195] DecryptMessage (in: phContext=0x26643e4, pMessage=0x27000a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27000a4, pfQOP=0x0) returned 0x0 [0203.195] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.196] WSARecv (in: s=0x714, lpBuffers=0x2700354, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2700354*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.196] WSARecv (in: s=0x714, lpBuffers=0x2700424, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2700424*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.197] DecryptMessage (in: phContext=0x26643e4, pMessage=0x270052c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x270052c, pfQOP=0x0) returned 0x0 [0203.197] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.197] WSARecv (in: s=0x714, lpBuffers=0x27007dc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27007dc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.198] WSARecv (in: s=0x714, lpBuffers=0x27008ac, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27008ac*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.198] DecryptMessage (in: phContext=0x26643e4, pMessage=0x27009b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27009b4, pfQOP=0x0) returned 0x0 [0203.198] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.198] WSARecv (in: s=0x714, lpBuffers=0x2700c64, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2700c64*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.199] WSARecv (in: s=0x714, lpBuffers=0x2700d34, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2700d34*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.199] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2700e3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2700e3c, pfQOP=0x0) returned 0x0 [0203.199] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.200] WSARecv (in: s=0x714, lpBuffers=0x27010ec, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27010ec*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.200] WSARecv (in: s=0x714, lpBuffers=0x27011bc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27011bc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.200] DecryptMessage (in: phContext=0x26643e4, pMessage=0x27012c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27012c4, pfQOP=0x0) returned 0x0 [0203.200] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.201] WSARecv (in: s=0x714, lpBuffers=0x2701574, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2701574*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.201] WSARecv (in: s=0x714, lpBuffers=0x2701644, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2701644*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.202] DecryptMessage (in: phContext=0x26643e4, pMessage=0x270174c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x270174c, pfQOP=0x0) returned 0x0 [0203.202] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.202] WSARecv (in: s=0x714, lpBuffers=0x27019fc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27019fc*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.203] WSARecv (in: s=0x714, lpBuffers=0x2701acc, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2701acc*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.203] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2701bd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2701bd4, pfQOP=0x0) returned 0x0 [0203.203] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.204] WSARecv (in: s=0x714, lpBuffers=0x2701e84, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2701e84*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.204] WSARecv (in: s=0x714, lpBuffers=0x2701f54, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2701f54*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.205] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2702068, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2702068, pfQOP=0x0) returned 0x0 [0203.205] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.206] WSARecv (in: s=0x714, lpBuffers=0x2702318, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2702318*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.207] WSARecv (in: s=0x714, lpBuffers=0x27023e8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27023e8*=((len=0x2758, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x2758, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.207] DecryptMessage (in: phContext=0x26643e4, pMessage=0x27024f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x27024f0, pfQOP=0x0) returned 0x0 [0203.207] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x2740, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x2740, lpOverlapped=0x0) returned 1 [0203.207] WSARecv (in: s=0x714, lpBuffers=0x27027a0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27027a0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.208] WSARecv (in: s=0x714, lpBuffers=0x2702870, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2702870*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.208] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2702978, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2702978, pfQOP=0x0) returned 0x0 [0203.208] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.209] WSARecv (in: s=0x714, lpBuffers=0x2702c28, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2702c28*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.209] WSARecv (in: s=0x714, lpBuffers=0x2702cf8, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2702cf8*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.209] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2702e00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2702e00, pfQOP=0x0) returned 0x0 [0203.209] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.210] WSARecv (in: s=0x714, lpBuffers=0x27030b0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27030b0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.210] WSARecv (in: s=0x714, lpBuffers=0x2703180, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2703180*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.210] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2703288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2703288, pfQOP=0x0) returned 0x0 [0203.210] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.211] WSARecv (in: s=0x714, lpBuffers=0x2703538, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2703538*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.211] WSARecv (in: s=0x714, lpBuffers=0x2703608, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2703608*=((len=0x4018, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x4018, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.212] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2703710, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2703710, pfQOP=0x0) returned 0x0 [0203.212] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x4000, lpOverlapped=0x0) returned 1 [0203.212] WSARecv (in: s=0x714, lpBuffers=0x27039c0, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef4f8, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x27039c0*=((len=0x5, buf=0x2645e90*)), lpNumberOfBytesRecvd=0x57ef4f8*=0x5, lpFlags=0x57ef528*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.213] WSARecv (in: s=0x714, lpBuffers=0x2703a90, dwBufferCount=0x1, lpNumberOfBytesRecvd=0x57ef73c, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4, lpCompletionRoutine=0x0 | out: lpBuffers=0x2703a90*=((len=0x135a, buf=0x2645e95*)), lpNumberOfBytesRecvd=0x57ef73c*=0x135a, lpFlags=0x57ef76c*=0x0, lpOverlapped=0x26cc9e4) returned 0 [0203.213] DecryptMessage (in: phContext=0x26643e4, pMessage=0x2703b98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2703b98, pfQOP=0x0) returned 0x0 [0203.214] WriteFile (in: hFile=0x734, lpBuffer=0x26d28ec*, nNumberOfBytesToWrite=0x1342, lpNumberOfBytesWritten=0x57ef6f0, lpOverlapped=0x0 | out: lpBuffer=0x26d28ec*, lpNumberOfBytesWritten=0x57ef6f0*=0x1342, lpOverlapped=0x0) returned 1 [0203.214] CloseHandle (hObject=0x734) returned 1 Thread: id = 17 os_tid = 0xb00 Thread: id = 18 os_tid = 0xb4c Thread: id = 19 os_tid = 0x484 Thread: id = 20 os_tid = 0xbe0 Thread: id = 21 os_tid = 0x954 Thread: id = 79 os_tid = 0x178 Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x5c3fb000" os_pid = "0x674" os_integrity_level = "0x4000" os_privileges = "0x260914080" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x264" cmd_line = "C:\\Windows\\system32\\svchost.exe -k appmodel -p" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-3369530244-1263555520-1552818992-544823788-1590281562" [0xa], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:000128c3" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 590 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 591 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 592 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 593 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 594 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 595 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 596 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 597 start_va = 0x100000 end_va = 0x108fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 598 start_va = 0x110000 end_va = 0x1d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 599 start_va = 0x1e0000 end_va = 0x1e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-deployment.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Deployment.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-deployment.srd-shm") Region: id = 600 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 601 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 602 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 603 start_va = 0x680000 end_va = 0x688fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 604 start_va = 0x690000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000690000" filename = "" Region: id = 605 start_va = 0x890000 end_va = 0x897fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 606 start_va = 0x8a0000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 607 start_va = 0xa30000 end_va = 0xaf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 608 start_va = 0xb00000 end_va = 0xb00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 609 start_va = 0xb10000 end_va = 0xb18fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b10000" filename = "" Region: id = 610 start_va = 0xb30000 end_va = 0xb37fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "staterepository-machine.srd-shm" filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\StateRepository-Machine.srd-shm" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\staterepository-machine.srd-shm") Region: id = 611 start_va = 0xb40000 end_va = 0xb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b40000" filename = "" Region: id = 612 start_va = 0xb50000 end_va = 0xb50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b50000" filename = "" Region: id = 613 start_va = 0xb60000 end_va = 0xb60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b60000" filename = "" Region: id = 614 start_va = 0xb70000 end_va = 0xb70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b70000" filename = "" Region: id = 615 start_va = 0xb80000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 616 start_va = 0xc00000 end_va = 0xdfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 617 start_va = 0x1000000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001000000" filename = "" Region: id = 618 start_va = 0x1200000 end_va = 0x13fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 619 start_va = 0x1400000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001400000" filename = "" Region: id = 620 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 621 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 622 start_va = 0x1a00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 623 start_va = 0x1c00000 end_va = 0x1d3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 624 start_va = 0x1e40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e40000" filename = "" Region: id = 625 start_va = 0x2040000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 626 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 627 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 628 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 629 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 630 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 631 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 632 start_va = 0x7ff612ac0000 end_va = 0x7ff612ad0fff monitored = 0 entry_point = 0x7ff612ac4e80 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 633 start_va = 0x7fffaf250000 end_va = 0x7fffaf25ffff monitored = 0 entry_point = 0x7fffaf256080 region_type = mapped_file name = "wifidatacapabilityhandler.dll" filename = "\\Windows\\System32\\wifidatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\wifidatacapabilityhandler.dll") Region: id = 634 start_va = 0x7fffb1740000 end_va = 0x7fffb174ffff monitored = 0 entry_point = 0x7fffb17460a0 region_type = mapped_file name = "cellulardatacapabilityhandler.dll" filename = "\\Windows\\System32\\cellulardatacapabilityhandler.dll" (normalized: "c:\\windows\\system32\\cellulardatacapabilityhandler.dll") Region: id = 635 start_va = 0x7fffb1770000 end_va = 0x7fffb17d3fff monitored = 0 entry_point = 0x7fffb17b13a0 region_type = mapped_file name = "capabilityaccessmanager.dll" filename = "\\Windows\\System32\\CapabilityAccessManager.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanager.dll") Region: id = 636 start_va = 0x7fffb1840000 end_va = 0x7fffb187efff monitored = 0 entry_point = 0x7fffb185e5f0 region_type = mapped_file name = "capabilityaccessmanagerclient.dll" filename = "\\Windows\\System32\\CapabilityAccessManagerClient.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanagerclient.dll") Region: id = 637 start_va = 0x7fffb3890000 end_va = 0x7fffb38e0fff monitored = 0 entry_point = 0x7fffb38c2fd0 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 638 start_va = 0x7fffbd920000 end_va = 0x7fffbda65fff monitored = 0 entry_point = 0x7fffbd927620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 639 start_va = 0x7fffbe5b0000 end_va = 0x7fffbe5c9fff monitored = 0 entry_point = 0x7fffbe5b1d80 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 640 start_va = 0x7fffbebf0000 end_va = 0x7fffbec00fff monitored = 0 entry_point = 0x7fffbebf3900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 641 start_va = 0x7fffbee80000 end_va = 0x7fffbef30fff monitored = 0 entry_point = 0x7fffbeec6e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 642 start_va = 0x7fffbef40000 end_va = 0x7fffbf4c5fff monitored = 0 entry_point = 0x7fffbef97790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 643 start_va = 0x7fffc6f30000 end_va = 0x7fffc7085fff monitored = 0 entry_point = 0x7fffc6f5b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 644 start_va = 0x7fffc8120000 end_va = 0x7fffc8132fff monitored = 0 entry_point = 0x7fffc8123f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 645 start_va = 0x7fffc9b80000 end_va = 0x7fffc9baafff monitored = 0 entry_point = 0x7fffc9b82db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 646 start_va = 0x7fffc9d00000 end_va = 0x7fffc9d11fff monitored = 0 entry_point = 0x7fffc9d055f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 647 start_va = 0x7fffca270000 end_va = 0x7fffca36ffff monitored = 0 entry_point = 0x7fffca285ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 648 start_va = 0x7fffca370000 end_va = 0x7fffca479fff monitored = 0 entry_point = 0x7fffca3a1300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 649 start_va = 0x7fffca480000 end_va = 0x7fffca4fefff monitored = 0 entry_point = 0x7fffca4b73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 650 start_va = 0x7fffca500000 end_va = 0x7fffca55ffff monitored = 0 entry_point = 0x7fffca510380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 651 start_va = 0x7fffca560000 end_va = 0x7fffca5fcfff monitored = 0 entry_point = 0x7fffca575390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 652 start_va = 0x7fffca600000 end_va = 0x7fffca75cfff monitored = 0 entry_point = 0x7fffca64efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 653 start_va = 0x7fffca760000 end_va = 0x7fffca781fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 654 start_va = 0x7fffca790000 end_va = 0x7fffcaa56fff monitored = 0 entry_point = 0x7fffca7a1bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 655 start_va = 0x7fffcaa60000 end_va = 0x7fffcaa86fff monitored = 0 entry_point = 0x7fffcaa68690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 656 start_va = 0x7fffcad80000 end_va = 0x7fffcae2dfff monitored = 0 entry_point = 0x7fffcadbb940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 657 start_va = 0x7fffcb2a0000 end_va = 0x7fffcb33afff monitored = 0 entry_point = 0x7fffcb2bc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 658 start_va = 0x7fffcb350000 end_va = 0x7fffcb424fff monitored = 0 entry_point = 0x7fffcb36d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 659 start_va = 0x7fffcb440000 end_va = 0x7fffcb4fcfff monitored = 0 entry_point = 0x7fffcb457070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 660 start_va = 0x7fffcb560000 end_va = 0x7fffcb5fdfff monitored = 0 entry_point = 0x7fffcb567850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 661 start_va = 0x7fffcb600000 end_va = 0x7fffcb6a9fff monitored = 0 entry_point = 0x7fffcb615470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 662 start_va = 0x7fffcb7a0000 end_va = 0x7fffcb93ffff monitored = 0 entry_point = 0x7fffcb7b7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 663 start_va = 0x7fffcbae0000 end_va = 0x7fffcbb87fff monitored = 0 entry_point = 0x7fffcbafd990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 664 start_va = 0x7fffcbb90000 end_va = 0x7fffcbee3fff monitored = 0 entry_point = 0x7fffcbc81d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 665 start_va = 0x7fffcc830000 end_va = 0x7fffcc952fff monitored = 0 entry_point = 0x7fffcc88da30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 666 start_va = 0x7fffcc960000 end_va = 0x7fffcc989fff monitored = 0 entry_point = 0x7fffcc9648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 667 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 669 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 670 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 671 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1293 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1416 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1430 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1452 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1458 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1493 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1576 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1623 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1697 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1750 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1787 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1855 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1876 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1888 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1900 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1905 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1914 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1921 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1924 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1933 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1934 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1943 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1953 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1982 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 1997 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2009 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2015 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2849 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2863 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2864 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2874 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2888 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2894 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2904 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2922 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2936 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2941 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2943 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2949 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2956 start_va = 0x600000 end_va = 0x601fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2958 start_va = 0x7fffc35f0000 end_va = 0x7fffc3682fff monitored = 0 entry_point = 0x7fffc35f9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 2959 start_va = 0x600000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 2960 start_va = 0x7fffc92d0000 end_va = 0x7fffc9359fff monitored = 0 entry_point = 0x7fffc9315870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 2961 start_va = 0x7fffad890000 end_va = 0x7fffadac6fff monitored = 0 entry_point = 0x7fffad9d0970 region_type = mapped_file name = "windows.devices.bluetooth.dll" filename = "\\Windows\\System32\\Windows.Devices.Bluetooth.dll" (normalized: "c:\\windows\\system32\\windows.devices.bluetooth.dll") Region: id = 2962 start_va = 0x7fffca220000 end_va = 0x7fffca26cfff monitored = 0 entry_point = 0x7fffca233280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2963 start_va = 0x7fffcc020000 end_va = 0x7fffcc08afff monitored = 0 entry_point = 0x7fffcc034300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2964 start_va = 0x7fffc3510000 end_va = 0x7fffc3547fff monitored = 0 entry_point = 0x7fffc3512200 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 2965 start_va = 0x7fffb2fe0000 end_va = 0x7fffb3032fff monitored = 0 entry_point = 0x7fffb2ff0bd0 region_type = mapped_file name = "biwinrt.dll" filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll") Region: id = 2966 start_va = 0x7fffaecf0000 end_va = 0x7fffaede1fff monitored = 0 entry_point = 0x7fffaed7cb50 region_type = mapped_file name = "windows.networking.dll" filename = "\\Windows\\System32\\Windows.Networking.dll" (normalized: "c:\\windows\\system32\\windows.networking.dll") Region: id = 2967 start_va = 0x7fffbad10000 end_va = 0x7fffbadc7fff monitored = 0 entry_point = 0x7fffbad1d870 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 2968 start_va = 0x7fffc8f60000 end_va = 0x7fffc8ff2fff monitored = 0 entry_point = 0x7fffc8f68f80 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2969 start_va = 0x7fffc95e0000 end_va = 0x7fffc96a9fff monitored = 0 entry_point = 0x7fffc960bc80 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2970 start_va = 0x7fffc9590000 end_va = 0x7fffc95cafff monitored = 0 entry_point = 0x7fffc959a620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2971 start_va = 0x7fffcb790000 end_va = 0x7fffcb798fff monitored = 0 entry_point = 0x7fffcb792020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2972 start_va = 0x7fffc8f30000 end_va = 0x7fffc8f5efff monitored = 0 entry_point = 0x7fffc8f372e0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 2973 start_va = 0x7fffc34f0000 end_va = 0x7fffc3503fff monitored = 0 entry_point = 0x7fffc34f9810 region_type = mapped_file name = "capabilityaccesshandlers.dll" filename = "\\Windows\\System32\\CapabilityAccessHandlers.dll" (normalized: "c:\\windows\\system32\\capabilityaccesshandlers.dll") Region: id = 2980 start_va = 0x7fffbf6a0000 end_va = 0x7fffbf81ffff monitored = 0 entry_point = 0x7fffbf6c7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2981 start_va = 0x7fffc9f30000 end_va = 0x7fffc9f7afff monitored = 0 entry_point = 0x7fffc9f33480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2982 start_va = 0x7fffc0190000 end_va = 0x7fffc0214fff monitored = 0 entry_point = 0x7fffc01b0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2983 start_va = 0x7fffc9ec0000 end_va = 0x7fffc9eebfff monitored = 0 entry_point = 0x7fffc9ec7370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2984 start_va = 0x7fffc9f10000 end_va = 0x7fffc9f21fff monitored = 0 entry_point = 0x7fffc9f13e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Thread: id = 22 os_tid = 0x129c Thread: id = 23 os_tid = 0x156c Thread: id = 24 os_tid = 0xffc Thread: id = 25 os_tid = 0xf2c Thread: id = 26 os_tid = 0x784 Thread: id = 27 os_tid = 0x678 Thread: id = 28 os_tid = 0xe2c Thread: id = 227 os_tid = 0x1208 Thread: id = 229 os_tid = 0x1290 Thread: id = 236 os_tid = 0x14a8 Thread: id = 237 os_tid = 0x14b0 Process: id = "3" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x5a6ff000" os_pid = "0xa64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0xffffffffffffffff" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 681 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 682 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 683 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 684 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 685 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 686 start_va = 0xe0000 end_va = 0xe1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 687 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 688 start_va = 0x100000 end_va = 0x1c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 689 start_va = 0x1d0000 end_va = 0x1d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 690 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 691 start_va = 0x1f0000 end_va = 0x1f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\System32\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\explorerframe.dll.mui") Region: id = 692 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 693 start_va = 0x400000 end_va = 0x409fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "combase.dll.mui" filename = "\\Windows\\System32\\en-US\\combase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\combase.dll.mui") Region: id = 694 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mui" filename = "\\Windows\\System32\\en-US\\stobject.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\stobject.dll.mui") Region: id = 695 start_va = 0x420000 end_va = 0x422fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "inputswitch.dll.mui" filename = "\\Windows\\System32\\en-US\\InputSwitch.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\inputswitch.dll.mui") Region: id = 696 start_va = 0x430000 end_va = 0x431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 697 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 698 start_va = 0x450000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stobject.dll.mun" filename = "\\Windows\\SystemResources\\stobject.dll.mun" (normalized: "c:\\windows\\systemresources\\stobject.dll.mun") Region: id = 699 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 700 start_va = 0x490000 end_va = 0x497fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 701 start_va = 0x4a0000 end_va = 0x4a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorer.exe.mui" filename = "\\Windows\\en-US\\explorer.exe.mui" (normalized: "c:\\windows\\en-us\\explorer.exe.mui") Region: id = 702 start_va = 0x4b0000 end_va = 0x4b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 703 start_va = 0x4c0000 end_va = 0x4c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 704 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004d0000" filename = "" Region: id = 705 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 706 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 707 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 708 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 709 start_va = 0x520000 end_va = 0x533fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db") Region: id = 710 start_va = 0x540000 end_va = 0x54bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dsreg.dll.mui" filename = "\\Windows\\System32\\en-US\\dsreg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dsreg.dll.mui") Region: id = 711 start_va = 0x550000 end_va = 0x64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 712 start_va = 0x650000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 713 start_va = 0x6d0000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 714 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 715 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 716 start_va = 0x770000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000770000" filename = "" Region: id = 717 start_va = 0x780000 end_va = 0x783fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 718 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 719 start_va = 0x7a0000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 720 start_va = 0x9a0000 end_va = 0xb20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 721 start_va = 0xb30000 end_va = 0x1f30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 722 start_va = 0x1f40000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f40000" filename = "" Region: id = 723 start_va = 0x1fc0000 end_va = 0x1fc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Region: id = 724 start_va = 0x1fd0000 end_va = 0x1fd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fd0000" filename = "" Region: id = 725 start_va = 0x1fe0000 end_va = 0x1fe1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hcproviders.dll.mui" filename = "\\Windows\\System32\\en-US\\hcproviders.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\hcproviders.dll.mui") Region: id = 726 start_va = 0x1ff0000 end_va = 0x1ffafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "actioncenter.dll.mui" filename = "\\Windows\\System32\\en-US\\ActionCenter.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\actioncenter.dll.mui") Region: id = 727 start_va = 0x2000000 end_va = 0x2001fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002000000" filename = "" Region: id = 728 start_va = 0x2010000 end_va = 0x2011fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002010000" filename = "" Region: id = 729 start_va = 0x2040000 end_va = 0x2043fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 730 start_va = 0x2050000 end_va = 0x2053fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 731 start_va = 0x2060000 end_va = 0x2061fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 732 start_va = 0x2070000 end_va = 0x2071fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002070000" filename = "" Region: id = 733 start_va = 0x2080000 end_va = 0x2081fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 734 start_va = 0x2090000 end_va = 0x2091fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002090000" filename = "" Region: id = 735 start_va = 0x20a0000 end_va = 0x20a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020a0000" filename = "" Region: id = 736 start_va = 0x20b0000 end_va = 0x20b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowszones.res" filename = "\\Windows\\Globalization\\ICU\\windowsZones.res" (normalized: "c:\\windows\\globalization\\icu\\windowszones.res") Region: id = 737 start_va = 0x20c0000 end_va = 0x20c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 738 start_va = 0x20d0000 end_va = 0x20d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 739 start_va = 0x20e0000 end_va = 0x20e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020e0000" filename = "" Region: id = 740 start_va = 0x20f0000 end_va = 0x20f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 741 start_va = 0x2100000 end_va = 0x2101fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002100000" filename = "" Region: id = 742 start_va = 0x2110000 end_va = 0x2111fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll" filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll") Region: id = 743 start_va = 0x2120000 end_va = 0x212ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 744 start_va = 0x2130000 end_va = 0x2467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 745 start_va = 0x2470000 end_va = 0x247bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002470000" filename = "" Region: id = 746 start_va = 0x2480000 end_va = 0x2481fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002480000" filename = "" Region: id = 747 start_va = 0x2490000 end_va = 0x24a4fff monitored = 0 entry_point = 0x2492110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 748 start_va = 0x24b0000 end_va = 0x24c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wscui.cpl.mui" filename = "\\Windows\\System32\\en-US\\wscui.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\wscui.cpl.mui") Region: id = 749 start_va = 0x24d0000 end_va = 0x24d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 750 start_va = 0x24e0000 end_va = 0x24e7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 751 start_va = 0x24f0000 end_va = 0x2550fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\System32\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\shell32.dll.mui") Region: id = 752 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 753 start_va = 0x25e0000 end_va = 0x25e7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\System32\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\windows.storage.dll.mui") Region: id = 754 start_va = 0x25f0000 end_va = 0x25f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 755 start_va = 0x2600000 end_va = 0x2600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 756 start_va = 0x2610000 end_va = 0x2611fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002610000" filename = "" Region: id = 757 start_va = 0x2620000 end_va = 0x2621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002620000" filename = "" Region: id = 758 start_va = 0x2630000 end_va = 0x2631fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "twinui.pcshell.dll.mui" filename = "\\Windows\\System32\\en-US\\twinui.pcshell.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\twinui.pcshell.dll.mui") Region: id = 759 start_va = 0x2640000 end_va = 0x2643fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "2222399582.pri" filename = "\\Windows\\rescache\\_merged\\1840795356\\2222399582.pri" (normalized: "c:\\windows\\rescache\\_merged\\1840795356\\2222399582.pri") Region: id = 760 start_va = 0x2650000 end_va = 0x2651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 761 start_va = 0x2660000 end_va = 0x2664fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oleaccrc.dll.mui" filename = "\\Windows\\System32\\en-US\\oleaccrc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\oleaccrc.dll.mui") Region: id = 762 start_va = 0x2670000 end_va = 0x2751fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 763 start_va = 0x2760000 end_va = 0x2763fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002760000" filename = "" Region: id = 764 start_va = 0x2770000 end_va = 0x2776fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 765 start_va = 0x2780000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 766 start_va = 0x2800000 end_va = 0x2801fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002800000" filename = "" Region: id = 767 start_va = 0x2810000 end_va = 0x2810fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002810000" filename = "" Region: id = 768 start_va = 0x2820000 end_va = 0x2821fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002820000" filename = "" Region: id = 769 start_va = 0x2830000 end_va = 0x283ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002830000" filename = "" Region: id = 770 start_va = 0x2840000 end_va = 0x2840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002840000" filename = "" Region: id = 771 start_va = 0x2860000 end_va = 0x2874fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002860000" filename = "" Region: id = 772 start_va = 0x2880000 end_va = 0x2880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002880000" filename = "" Region: id = 773 start_va = 0x2890000 end_va = 0x2890fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002890000" filename = "" Region: id = 774 start_va = 0x28a0000 end_va = 0x3afffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 775 start_va = 0x3b00000 end_va = 0x3b00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 776 start_va = 0x3b10000 end_va = 0x3c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b10000" filename = "" Region: id = 777 start_va = 0x3c10000 end_va = 0x3c10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c10000" filename = "" Region: id = 778 start_va = 0x3c20000 end_va = 0x3c2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c20000" filename = "" Region: id = 779 start_va = 0x3c30000 end_va = 0x3c3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c30000" filename = "" Region: id = 780 start_va = 0x3c40000 end_va = 0x3c4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c40000" filename = "" Region: id = 781 start_va = 0x3c50000 end_va = 0x3c50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c50000" filename = "" Region: id = 782 start_va = 0x3c60000 end_va = 0x3c60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c60000" filename = "" Region: id = 783 start_va = 0x3c70000 end_va = 0x3c73fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 784 start_va = 0x3c80000 end_va = 0x3c81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003c80000" filename = "" Region: id = 785 start_va = 0x3c90000 end_va = 0x3d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c90000" filename = "" Region: id = 786 start_va = 0x3d90000 end_va = 0x3d90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d90000" filename = "" Region: id = 787 start_va = 0x3da0000 end_va = 0x3da0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003da0000" filename = "" Region: id = 788 start_va = 0x3db0000 end_va = 0x3db0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003db0000" filename = "" Region: id = 789 start_va = 0x3dc0000 end_va = 0x3e06fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003dc0000" filename = "" Region: id = 790 start_va = 0x3e10000 end_va = 0x3e11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 791 start_va = 0x3e20000 end_va = 0x3e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 792 start_va = 0x3e30000 end_va = 0x3e30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e30000" filename = "" Region: id = 793 start_va = 0x3e40000 end_va = 0x3e40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e40000" filename = "" Region: id = 794 start_va = 0x3e50000 end_va = 0x3e50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e50000" filename = "" Region: id = 795 start_va = 0x3e60000 end_va = 0x3e60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 796 start_va = 0x3ef0000 end_va = 0x3ef1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ef0000" filename = "" Region: id = 797 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 798 start_va = 0x4000000 end_va = 0x407ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 799 start_va = 0x4080000 end_va = 0x4080fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004080000" filename = "" Region: id = 800 start_va = 0x4090000 end_va = 0x4097fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 801 start_va = 0x40a0000 end_va = 0x40a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 802 start_va = 0x40d0000 end_va = 0x40d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 803 start_va = 0x40f0000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 804 start_va = 0x4110000 end_va = 0x4110fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 805 start_va = 0x41a0000 end_va = 0x41a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041a0000" filename = "" Region: id = 806 start_va = 0x4230000 end_va = 0x4230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004230000" filename = "" Region: id = 807 start_va = 0x4240000 end_va = 0x4240fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004240000" filename = "" Region: id = 808 start_va = 0x4250000 end_va = 0x4288fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004250000" filename = "" Region: id = 809 start_va = 0x4290000 end_va = 0x429ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 810 start_va = 0x42a0000 end_va = 0x42a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042a0000" filename = "" Region: id = 811 start_va = 0x42b0000 end_va = 0x432ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 812 start_va = 0x4340000 end_va = 0x4360fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellcomponents.pri" filename = "\\Windows\\SystemResources\\ShellComponents\\ShellComponents.pri" (normalized: "c:\\windows\\systemresources\\shellcomponents\\shellcomponents.pri") Region: id = 813 start_va = 0x4370000 end_va = 0x4378fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 814 start_va = 0x4380000 end_va = 0x4388fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 815 start_va = 0x4390000 end_va = 0x4390fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004390000" filename = "" Region: id = 816 start_va = 0x43a0000 end_va = 0x43a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000043a0000" filename = "" Region: id = 817 start_va = 0x43b0000 end_va = 0x43b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000043b0000" filename = "" Region: id = 818 start_va = 0x43c0000 end_va = 0x43c3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 819 start_va = 0x43d0000 end_va = 0x4418fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 820 start_va = 0x4420000 end_va = 0x4423fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 821 start_va = 0x4430000 end_va = 0x44cbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 822 start_va = 0x44d0000 end_va = 0x44dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 823 start_va = 0x4560000 end_va = 0x4565fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004560000" filename = "" Region: id = 824 start_va = 0x4570000 end_va = 0x45effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 825 start_va = 0x4670000 end_va = 0x4670fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 826 start_va = 0x4700000 end_va = 0x477ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 827 start_va = 0x4800000 end_va = 0x487ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 828 start_va = 0x4880000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004880000" filename = "" Region: id = 829 start_va = 0x4900000 end_va = 0x4907fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 830 start_va = 0x4910000 end_va = 0x4911fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004910000" filename = "" Region: id = 831 start_va = 0x4920000 end_va = 0x4920fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004920000" filename = "" Region: id = 832 start_va = 0x4930000 end_va = 0x49affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 833 start_va = 0x49b0000 end_va = 0x49f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049b0000" filename = "" Region: id = 834 start_va = 0x4a00000 end_va = 0x4a00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 835 start_va = 0x4a10000 end_va = 0x4a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a10000" filename = "" Region: id = 836 start_va = 0x4b10000 end_va = 0x4b10fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b10000" filename = "" Region: id = 837 start_va = 0x4b20000 end_va = 0x4b20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b20000" filename = "" Region: id = 838 start_va = 0x4b30000 end_va = 0x5021fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004b30000" filename = "" Region: id = 839 start_va = 0x5030000 end_va = 0x5031fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005030000" filename = "" Region: id = 840 start_va = 0x5040000 end_va = 0x5040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 841 start_va = 0x50d0000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 842 start_va = 0x5150000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 843 start_va = 0x51d0000 end_va = 0x51f5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "zoneinfo64.res" filename = "\\Windows\\Globalization\\ICU\\zoneinfo64.res" (normalized: "c:\\windows\\globalization\\icu\\zoneinfo64.res") Region: id = 844 start_va = 0x5200000 end_va = 0x5201fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005200000" filename = "" Region: id = 845 start_va = 0x5210000 end_va = 0x5213fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bthprops.cpl.mui" filename = "\\Windows\\System32\\en-US\\bthprops.cpl.mui" (normalized: "c:\\windows\\system32\\en-us\\bthprops.cpl.mui") Region: id = 846 start_va = 0x5220000 end_va = 0x5220fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005220000" filename = "" Region: id = 847 start_va = 0x5260000 end_va = 0x5260fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\System32\\msxml6r.dll" (normalized: "c:\\windows\\system32\\msxml6r.dll") Region: id = 848 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005270000" filename = "" Region: id = 849 start_va = 0x5280000 end_va = 0x5291fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db") Region: id = 850 start_va = 0x52a0000 end_va = 0x52b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "3968321142.pri" filename = "\\Windows\\rescache\\_merged\\2457103279\\3968321142.pri" (normalized: "c:\\windows\\rescache\\_merged\\2457103279\\3968321142.pri") Region: id = 851 start_va = 0x52c0000 end_va = 0x52c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mui" filename = "\\Windows\\System32\\en-US\\sndvolsso.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sndvolsso.dll.mui") Region: id = 852 start_va = 0x52d0000 end_va = 0x52d1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnidui.dll.mui" filename = "\\Windows\\System32\\en-US\\pnidui.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnidui.dll.mui") Region: id = 853 start_va = 0x52e0000 end_va = 0x52e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 854 start_va = 0x52f0000 end_va = 0x52f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000052f0000" filename = "" Region: id = 855 start_va = 0x5300000 end_va = 0x5306fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 856 start_va = 0x5310000 end_va = 0x540ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 857 start_va = 0x5410000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005410000" filename = "" Region: id = 858 start_va = 0x54a0000 end_va = 0x54a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 859 start_va = 0x54c0000 end_va = 0x54c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054c0000" filename = "" Region: id = 860 start_va = 0x54f0000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 861 start_va = 0x5510000 end_va = 0x5513fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db") Region: id = 862 start_va = 0x5530000 end_va = 0x562ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005530000" filename = "" Region: id = 863 start_va = 0x5630000 end_va = 0x5677fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005630000" filename = "" Region: id = 864 start_va = 0x5680000 end_va = 0x587ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005680000" filename = "" Region: id = 865 start_va = 0x5c00000 end_va = 0x5c47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 866 start_va = 0x5cd0000 end_va = 0x64cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005cd0000" filename = "" Region: id = 867 start_va = 0x64d0000 end_va = 0x654ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000064d0000" filename = "" Region: id = 868 start_va = 0x6550000 end_va = 0x65cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006550000" filename = "" Region: id = 869 start_va = 0x65d0000 end_va = 0x664ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065d0000" filename = "" Region: id = 870 start_va = 0x6650000 end_va = 0x66cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006650000" filename = "" Region: id = 871 start_va = 0x66d0000 end_va = 0x674ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 872 start_va = 0x6750000 end_va = 0x67cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006750000" filename = "" Region: id = 873 start_va = 0x67d0000 end_va = 0x690efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 874 start_va = 0x6910000 end_va = 0x6910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000006910000" filename = "" Region: id = 875 start_va = 0x6920000 end_va = 0x6972fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 876 start_va = 0x6980000 end_va = 0x6b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006980000" filename = "" Region: id = 877 start_va = 0x6b80000 end_va = 0x70fafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "prm0009.dll" filename = "\\Windows\\System32\\prm0009.dll" (normalized: "c:\\windows\\system32\\prm0009.dll") Region: id = 878 start_va = 0x7100000 end_va = 0x717ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 879 start_va = 0x7180000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007180000" filename = "" Region: id = 880 start_va = 0x7200000 end_va = 0x727ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007200000" filename = "" Region: id = 881 start_va = 0x7280000 end_va = 0x927ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007280000" filename = "" Region: id = 882 start_va = 0x9280000 end_va = 0x92fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009280000" filename = "" Region: id = 883 start_va = 0x9300000 end_va = 0x96fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009300000" filename = "" Region: id = 884 start_va = 0x9700000 end_va = 0x97fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009700000" filename = "" Region: id = 885 start_va = 0x9800000 end_va = 0x987ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009800000" filename = "" Region: id = 886 start_va = 0x9880000 end_va = 0x997ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 887 start_va = 0x9980000 end_va = 0x9980fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009980000" filename = "" Region: id = 888 start_va = 0x9990000 end_va = 0x9a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009990000" filename = "" Region: id = 889 start_va = 0x9a90000 end_va = 0x9b8ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 890 start_va = 0x9c10000 end_va = 0x9da1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.shellcommon.pri" filename = "\\Windows\\SystemResources\\Windows.UI.ShellCommon\\Windows.UI.ShellCommon.pri" (normalized: "c:\\windows\\systemresources\\windows.ui.shellcommon\\windows.ui.shellcommon.pri") Region: id = 891 start_va = 0x9db0000 end_va = 0x9e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009db0000" filename = "" Region: id = 892 start_va = 0x9e30000 end_va = 0x9eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009e30000" filename = "" Region: id = 893 start_va = 0x9eb0000 end_va = 0x9f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009eb0000" filename = "" Region: id = 894 start_va = 0x9f30000 end_va = 0x9fbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sndvolsso.dll.mun" filename = "\\Windows\\SystemResources\\SndVolSSO.dll.mun" (normalized: "c:\\windows\\systemresources\\sndvolsso.dll.mun") Region: id = 895 start_va = 0x9fc0000 end_va = 0xa0bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 896 start_va = 0xa0c0000 end_va = 0xa13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a0c0000" filename = "" Region: id = 897 start_va = 0xa140000 end_va = 0xa1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a140000" filename = "" Region: id = 898 start_va = 0xa1c0000 end_va = 0xa23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1c0000" filename = "" Region: id = 899 start_va = 0xa340000 end_va = 0xa3bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a340000" filename = "" Region: id = 900 start_va = 0xa3c0000 end_va = 0xa43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a3c0000" filename = "" Region: id = 901 start_va = 0xa440000 end_va = 0xa4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a440000" filename = "" Region: id = 902 start_va = 0xa4c0000 end_va = 0xa53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4c0000" filename = "" Region: id = 903 start_va = 0xa540000 end_va = 0xa5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a540000" filename = "" Region: id = 904 start_va = 0xa640000 end_va = 0xa6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a640000" filename = "" Region: id = 905 start_va = 0xa6c0000 end_va = 0xa73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a6c0000" filename = "" Region: id = 906 start_va = 0xa740000 end_va = 0xb73ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 907 start_va = 0xb740000 end_va = 0xbf3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-245394380-2276627025-4024548581-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-245394380-2276627025-4024548581-1000.dat") Region: id = 908 start_va = 0xbf40000 end_va = 0xc029fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 909 start_va = 0xc030000 end_va = 0xc0defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.ui.xaml.resources.19h1.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.Resources.19h1.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.resources.19h1.dll") Region: id = 910 start_va = 0xc0e0000 end_va = 0xc1dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 911 start_va = 0xc1e0000 end_va = 0xc2dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 912 start_va = 0xc2e0000 end_va = 0xc3dffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 913 start_va = 0xc3e0000 end_va = 0xc58afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ieframe.dll.mui" filename = "\\Windows\\System32\\en-US\\ieframe.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\ieframe.dll.mui") Region: id = 914 start_va = 0xc5e0000 end_va = 0xcddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c5e0000" filename = "" Region: id = 915 start_va = 0xcde0000 end_va = 0xcedffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 916 start_va = 0xd260000 end_va = 0xd35ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 917 start_va = 0xd560000 end_va = 0xd65ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_32.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_32.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_32.db") Region: id = 918 start_va = 0xd660000 end_va = 0xd75ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 919 start_va = 0xdb60000 end_va = 0xdb67fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 920 start_va = 0xdf30000 end_va = 0xdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000df30000" filename = "" Region: id = 921 start_va = 0xe1b0000 end_va = 0xe22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e1b0000" filename = "" Region: id = 922 start_va = 0xe830000 end_va = 0xe8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e830000" filename = "" Region: id = 923 start_va = 0xf140000 end_va = 0xf631fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f140000" filename = "" Region: id = 924 start_va = 0xf640000 end_va = 0xfa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f640000" filename = "" Region: id = 925 start_va = 0xfa40000 end_va = 0xff31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fa40000" filename = "" Region: id = 926 start_va = 0x10440000 end_va = 0x10931fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010440000" filename = "" Region: id = 927 start_va = 0x10940000 end_va = 0x10e31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010940000" filename = "" Region: id = 928 start_va = 0x11390000 end_va = 0x1140ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011390000" filename = "" Region: id = 929 start_va = 0x11410000 end_va = 0x1148ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011410000" filename = "" Region: id = 930 start_va = 0x11510000 end_va = 0x1158ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011510000" filename = "" Region: id = 931 start_va = 0x119d0000 end_va = 0x11acffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db") Region: id = 932 start_va = 0x11ad0000 end_va = 0x11bcffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "thumbcache_48.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db") Region: id = 933 start_va = 0x127d0000 end_va = 0x12cc1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000127d0000" filename = "" Region: id = 934 start_va = 0x136c0000 end_va = 0x13bb1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136c0000" filename = "" Region: id = 935 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 936 start_va = 0x7ff4fde80000 end_va = 0x7ff4fde8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fde80000" filename = "" Region: id = 937 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 938 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 939 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 940 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 941 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 942 start_va = 0x7ff6a6b30000 end_va = 0x7ff6a6f72fff monitored = 0 entry_point = 0x7ff6a6bc6d20 region_type = mapped_file name = "explorer.exe" filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe") Region: id = 943 start_va = 0x7fffaa640000 end_va = 0x7fffaa719fff monitored = 0 entry_point = 0x7fffaa646450 region_type = mapped_file name = "ieproxy.dll" filename = "\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll") Region: id = 944 start_va = 0x7fffaa910000 end_va = 0x7fffab059fff monitored = 0 entry_point = 0x7fffaaa2b240 region_type = mapped_file name = "ieframe.dll" filename = "\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll") Region: id = 945 start_va = 0x7fffab060000 end_va = 0x7fffab0b3fff monitored = 0 entry_point = 0x7fffab063650 region_type = mapped_file name = "msiso.dll" filename = "\\Windows\\System32\\msIso.dll" (normalized: "c:\\windows\\system32\\msiso.dll") Region: id = 946 start_va = 0x7fffab0c0000 end_va = 0x7fffab0d5fff monitored = 0 entry_point = 0x7fffab0c3a20 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\System32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll") Region: id = 947 start_va = 0x7fffab0e0000 end_va = 0x7fffab131fff monitored = 0 entry_point = 0x7fffab105540 region_type = mapped_file name = "smartscreenps.dll" filename = "\\Windows\\System32\\smartscreenps.dll" (normalized: "c:\\windows\\system32\\smartscreenps.dll") Region: id = 948 start_va = 0x7fffac300000 end_va = 0x7fffac4a5fff monitored = 0 entry_point = 0x7fffac356b40 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_faee9ef77614c0c2\\gdiplus.dll") Region: id = 949 start_va = 0x7fffac770000 end_va = 0x7fffac848fff monitored = 0 entry_point = 0x7fffac7753c0 region_type = mapped_file name = "werconcpl.dll" filename = "\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll") Region: id = 950 start_va = 0x7fffae070000 end_va = 0x7fffae27dfff monitored = 0 entry_point = 0x7fffae1e4360 region_type = mapped_file name = "taskflowui.dll" filename = "\\Windows\\ShellComponents\\TaskFlowUI.dll" (normalized: "c:\\windows\\shellcomponents\\taskflowui.dll") Region: id = 951 start_va = 0x7fffae5b0000 end_va = 0x7fffae5fbfff monitored = 0 entry_point = 0x7fffae5b5fd0 region_type = mapped_file name = "wscapi.dll" filename = "\\Windows\\System32\\wscapi.dll" (normalized: "c:\\windows\\system32\\wscapi.dll") Region: id = 952 start_va = 0x7fffae600000 end_va = 0x7fffae660fff monitored = 0 entry_point = 0x7fffae641980 region_type = mapped_file name = "windows.fileexplorer.common.dll" filename = "\\Windows\\System32\\Windows.FileExplorer.Common.dll" (normalized: "c:\\windows\\system32\\windows.fileexplorer.common.dll") Region: id = 953 start_va = 0x7fffae670000 end_va = 0x7fffae6c2fff monitored = 0 entry_point = 0x7fffae678810 region_type = mapped_file name = "actioncenter.dll" filename = "\\Windows\\System32\\ActionCenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll") Region: id = 954 start_va = 0x7fffae6d0000 end_va = 0x7fffae8e8fff monitored = 0 entry_point = 0x7fffae6ddaf0 region_type = mapped_file name = "pnidui.dll" filename = "\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll") Region: id = 955 start_va = 0x7fffae8f0000 end_va = 0x7fffae8fcfff monitored = 0 entry_point = 0x7fffae8f4630 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\System32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll") Region: id = 956 start_va = 0x7fffae900000 end_va = 0x7fffae918fff monitored = 0 entry_point = 0x7fffae902820 region_type = mapped_file name = "syncreg.dll" filename = "\\Windows\\System32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll") Region: id = 957 start_va = 0x7fffae920000 end_va = 0x7fffae960fff monitored = 0 entry_point = 0x7fffae921e00 region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\System32\\shdocvw.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll") Region: id = 958 start_va = 0x7fffae970000 end_va = 0x7fffae9e9fff monitored = 0 entry_point = 0x7fffae972550 region_type = mapped_file name = "dxp.dll" filename = "\\Windows\\System32\\DXP.dll" (normalized: "c:\\windows\\system32\\dxp.dll") Region: id = 959 start_va = 0x7fffaeb90000 end_va = 0x7fffaebcdfff monitored = 0 entry_point = 0x7fffaeb938e0 region_type = mapped_file name = "prnfldr.dll" filename = "\\Windows\\System32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll") Region: id = 960 start_va = 0x7fffaebd0000 end_va = 0x7fffaebddfff monitored = 0 entry_point = 0x7fffaebd26d0 region_type = mapped_file name = "windows.ui.shell.dll" filename = "\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll") Region: id = 961 start_va = 0x7fffaebe0000 end_va = 0x7fffaebeefff monitored = 0 entry_point = 0x7fffaebe1450 region_type = mapped_file name = "batmeter.dll" filename = "\\Windows\\System32\\batmeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll") Region: id = 962 start_va = 0x7fffaebf0000 end_va = 0x7fffaec40fff monitored = 0 entry_point = 0x7fffaebf7350 region_type = mapped_file name = "stobject.dll" filename = "\\Windows\\System32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll") Region: id = 963 start_va = 0x7fffaeec0000 end_va = 0x7fffaeeeffff monitored = 0 entry_point = 0x7fffaeecbe20 region_type = mapped_file name = "rtworkq.dll" filename = "\\Windows\\System32\\RTWorkQ.dll" (normalized: "c:\\windows\\system32\\rtworkq.dll") Region: id = 964 start_va = 0x7fffaeef0000 end_va = 0x7fffaf0aafff monitored = 0 entry_point = 0x7fffaef24590 region_type = mapped_file name = "mfplat.dll" filename = "\\Windows\\System32\\mfplat.dll" (normalized: "c:\\windows\\system32\\mfplat.dll") Region: id = 965 start_va = 0x7fffaf320000 end_va = 0x7fffaf54dfff monitored = 0 entry_point = 0x7fffaf3335e0 region_type = mapped_file name = "icu.dll" filename = "\\Windows\\System32\\icu.dll" (normalized: "c:\\windows\\system32\\icu.dll") Region: id = 966 start_va = 0x7fffb1820000 end_va = 0x7fffb1830fff monitored = 0 entry_point = 0x7fffb1826910 region_type = mapped_file name = "dusmapi.dll" filename = "\\Windows\\System32\\dusmapi.dll" (normalized: "c:\\windows\\system32\\dusmapi.dll") Region: id = 967 start_va = 0x7fffb1840000 end_va = 0x7fffb187efff monitored = 0 entry_point = 0x7fffb185e5f0 region_type = mapped_file name = "capabilityaccessmanagerclient.dll" filename = "\\Windows\\System32\\CapabilityAccessManagerClient.dll" (normalized: "c:\\windows\\system32\\capabilityaccessmanagerclient.dll") Region: id = 968 start_va = 0x7fffb2dd0000 end_va = 0x7fffb2e2dfff monitored = 0 entry_point = 0x7fffb2dd24d0 region_type = mapped_file name = "wpnclient.dll" filename = "\\Windows\\System32\\wpnclient.dll" (normalized: "c:\\windows\\system32\\wpnclient.dll") Region: id = 969 start_va = 0x7fffb2f60000 end_va = 0x7fffb2fdcfff monitored = 0 entry_point = 0x7fffb2f626f0 region_type = mapped_file name = "provsvc.dll" filename = "\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll") Region: id = 970 start_va = 0x7fffb3890000 end_va = 0x7fffb38e0fff monitored = 0 entry_point = 0x7fffb38c2fd0 region_type = mapped_file name = "capauthz.dll" filename = "\\Windows\\System32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll") Region: id = 971 start_va = 0x7fffb3910000 end_va = 0x7fffb393efff monitored = 0 entry_point = 0x7fffb392ac30 region_type = mapped_file name = "cflapi.dll" filename = "\\Windows\\System32\\cflapi.dll" (normalized: "c:\\windows\\system32\\cflapi.dll") Region: id = 972 start_va = 0x7fffb3940000 end_va = 0x7fffb39affff monitored = 0 entry_point = 0x7fffb3953d40 region_type = mapped_file name = "cryptngc.dll" filename = "\\Windows\\System32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll") Region: id = 973 start_va = 0x7fffb39b0000 end_va = 0x7fffb3a5efff monitored = 0 entry_point = 0x7fffb39b44f0 region_type = mapped_file name = "shellcommoncommonproxystub.dll" filename = "\\Windows\\System32\\ShellCommonCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\shellcommoncommonproxystub.dll") Region: id = 974 start_va = 0x7fffb3a60000 end_va = 0x7fffb3a70fff monitored = 0 entry_point = 0x7fffb3a61af0 region_type = mapped_file name = "pcshellcommonproxystub.dll" filename = "\\Windows\\System32\\PCShellCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\pcshellcommonproxystub.dll") Region: id = 975 start_va = 0x7fffb3a90000 end_va = 0x7fffb3b98fff monitored = 0 entry_point = 0x7fffb3ab7910 region_type = mapped_file name = "windows.ui.core.textinput.dll" filename = "\\Windows\\System32\\Windows.UI.Core.TextInput.dll" (normalized: "c:\\windows\\system32\\windows.ui.core.textinput.dll") Region: id = 976 start_va = 0x7fffb3ba0000 end_va = 0x7fffb3bf1fff monitored = 0 entry_point = 0x7fffb3bb3150 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 977 start_va = 0x7fffb3eb0000 end_va = 0x7fffb3f2cfff monitored = 0 entry_point = 0x7fffb3ef5320 region_type = mapped_file name = "tilecontrol.dll" filename = "\\Windows\\ShellExperiences\\TileControl.dll" (normalized: "c:\\windows\\shellexperiences\\tilecontrol.dll") Region: id = 978 start_va = 0x7fffb3f30000 end_va = 0x7fffb417afff monitored = 0 entry_point = 0x7fffb40cbfa0 region_type = mapped_file name = "windowsinternal.composableshell.experiences.switcher.dll" filename = "\\Windows\\ShellComponents\\WindowsInternal.ComposableShell.Experiences.Switcher.dll" (normalized: "c:\\windows\\shellcomponents\\windowsinternal.composableshell.experiences.switcher.dll") Region: id = 979 start_va = 0x7fffb4400000 end_va = 0x7fffb4409fff monitored = 0 entry_point = 0x7fffb4401390 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 980 start_va = 0x7fffb4480000 end_va = 0x7fffb44fffff monitored = 0 entry_point = 0x7fffb44cb0c0 region_type = mapped_file name = "dictationmanager.dll" filename = "\\Windows\\System32\\DictationManager.dll" (normalized: "c:\\windows\\system32\\dictationmanager.dll") Region: id = 981 start_va = 0x7fffb4500000 end_va = 0x7fffb46d9fff monitored = 0 entry_point = 0x7fffb4521560 region_type = mapped_file name = "windowsudk.shellcommon.dll" filename = "\\Windows\\System32\\windowsudk.shellcommon.dll" (normalized: "c:\\windows\\system32\\windowsudk.shellcommon.dll") Region: id = 982 start_va = 0x7fffb4b10000 end_va = 0x7fffb4b8cfff monitored = 0 entry_point = 0x7fffb4b18340 region_type = mapped_file name = "synccenter.dll" filename = "\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll") Region: id = 983 start_va = 0x7fffb4b90000 end_va = 0x7fffb4c16fff monitored = 0 entry_point = 0x7fffb4b91e10 region_type = mapped_file name = "windows.data.activities.dll" filename = "\\Windows\\System32\\Windows.Data.Activities.dll" (normalized: "c:\\windows\\system32\\windows.data.activities.dll") Region: id = 984 start_va = 0x7fffb4d60000 end_va = 0x7fffb4edbfff monitored = 0 entry_point = 0x7fffb4e46f30 region_type = mapped_file name = "taskflowdataengine.dll" filename = "\\Windows\\System32\\TaskFlowDataEngine.dll" (normalized: "c:\\windows\\system32\\taskflowdataengine.dll") Region: id = 985 start_va = 0x7fffb5030000 end_va = 0x7fffb528dfff monitored = 0 entry_point = 0x7fffb5098a80 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll") Region: id = 986 start_va = 0x7fffb54c0000 end_va = 0x7fffb55cffff monitored = 0 entry_point = 0x7fffb5573a20 region_type = mapped_file name = "windows.internal.signals.dll" filename = "\\Windows\\System32\\Windows.Internal.Signals.dll" (normalized: "c:\\windows\\system32\\windows.internal.signals.dll") Region: id = 987 start_va = 0x7fffb55d0000 end_va = 0x7fffb5623fff monitored = 0 entry_point = 0x7fffb5606a80 region_type = mapped_file name = "windows.shell.bluelightreduction.dll" filename = "\\Windows\\System32\\Windows.Shell.BlueLightReduction.dll" (normalized: "c:\\windows\\system32\\windows.shell.bluelightreduction.dll") Region: id = 988 start_va = 0x7fffb5630000 end_va = 0x7fffb5664fff monitored = 0 entry_point = 0x7fffb564f4a0 region_type = mapped_file name = "npsm.dll" filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll") Region: id = 989 start_va = 0x7fffb5740000 end_va = 0x7fffb57abfff monitored = 0 entry_point = 0x7fffb574d1e0 region_type = mapped_file name = "abovelockapphost.dll" filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll") Region: id = 990 start_va = 0x7fffb57b0000 end_va = 0x7fffb57d6fff monitored = 0 entry_point = 0x7fffb57b4220 region_type = mapped_file name = "winmm.dll" filename = "\\Windows\\System32\\winmm.dll" (normalized: "c:\\windows\\system32\\winmm.dll") Region: id = 991 start_va = 0x7fffb57e0000 end_va = 0x7fffb57f7fff monitored = 0 entry_point = 0x7fffb57e1360 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 992 start_va = 0x7fffb59b0000 end_va = 0x7fffb59cbfff monitored = 0 entry_point = 0x7fffb59beb20 region_type = mapped_file name = "virtualmonitormanager.dll" filename = "\\Windows\\System32\\VirtualMonitorManager.dll" (normalized: "c:\\windows\\system32\\virtualmonitormanager.dll") Region: id = 993 start_va = 0x7fffb59d0000 end_va = 0x7fffb5aa2fff monitored = 0 entry_point = 0x7fffb5a51ad0 region_type = mapped_file name = "holographicextensions.dll" filename = "\\Windows\\System32\\HolographicExtensions.dll" (normalized: "c:\\windows\\system32\\holographicextensions.dll") Region: id = 994 start_va = 0x7fffb5d40000 end_va = 0x7fffb5d4bfff monitored = 0 entry_point = 0x7fffb5d42560 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 995 start_va = 0x7fffb6030000 end_va = 0x7fffb60fcfff monitored = 0 entry_point = 0x7fffb6035b60 region_type = mapped_file name = "cscui.dll" filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll") Region: id = 996 start_va = 0x7fffb6100000 end_va = 0x7fffb6136fff monitored = 0 entry_point = 0x7fffb6102e30 region_type = mapped_file name = "ehstorshell.dll" filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll") Region: id = 997 start_va = 0x7fffb6240000 end_va = 0x7fffb624cfff monitored = 0 entry_point = 0x7fffb6241df0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\System32\\linkinfo.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll") Region: id = 998 start_va = 0x7fffb6250000 end_va = 0x7fffb62ccfff monitored = 0 entry_point = 0x7fffb62617b0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll") Region: id = 999 start_va = 0x7fffb62d0000 end_va = 0x7fffb637afff monitored = 0 entry_point = 0x7fffb6300af0 region_type = mapped_file name = "applicationframe.dll" filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll") Region: id = 1000 start_va = 0x7fffb6380000 end_va = 0x7fffb63c8fff monitored = 0 entry_point = 0x7fffb6383550 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1001 start_va = 0x7fffb63d0000 end_va = 0x7fffb69bdfff monitored = 0 entry_point = 0x7fffb6484e60 region_type = mapped_file name = "twinui.dll" filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll") Region: id = 1002 start_va = 0x7fffb6ac0000 end_va = 0x7fffb6ae3fff monitored = 0 entry_point = 0x7fffb6ac1790 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 1003 start_va = 0x7fffb6af0000 end_va = 0x7fffb6b55fff monitored = 0 entry_point = 0x7fffb6b0d000 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll") Region: id = 1004 start_va = 0x7fffb6c20000 end_va = 0x7fffb6c41fff monitored = 0 entry_point = 0x7fffb6c35070 region_type = mapped_file name = "cldapi.dll" filename = "\\Windows\\System32\\cldapi.dll" (normalized: "c:\\windows\\system32\\cldapi.dll") Region: id = 1005 start_va = 0x7fffb6c50000 end_va = 0x7fffb6d0dfff monitored = 0 entry_point = 0x7fffb6c63a80 region_type = mapped_file name = "windows.immersiveshell.serviceprovider.dll" filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll") Region: id = 1006 start_va = 0x7fffb6d10000 end_va = 0x7fffb72dcfff monitored = 0 entry_point = 0x7fffb6d99030 region_type = mapped_file name = "twinui.pcshell.dll" filename = "\\Windows\\System32\\twinui.pcshell.dll" (normalized: "c:\\windows\\system32\\twinui.pcshell.dll") Region: id = 1007 start_va = 0x7fffb72e0000 end_va = 0x7fffb74fefff monitored = 0 entry_point = 0x7fffb7366f20 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll") Region: id = 1008 start_va = 0x7fffb7500000 end_va = 0x7fffb753dfff monitored = 0 entry_point = 0x7fffb7507f40 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll") Region: id = 1009 start_va = 0x7fffb7540000 end_va = 0x7fffb75a5fff monitored = 0 entry_point = 0x7fffb754eb60 region_type = mapped_file name = "oleacc.dll" filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll") Region: id = 1010 start_va = 0x7fffb75b0000 end_va = 0x7fffb75fffff monitored = 0 entry_point = 0x7fffb75ba9a0 region_type = mapped_file name = "sndvolsso.dll" filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll") Region: id = 1011 start_va = 0x7fffb7600000 end_va = 0x7fffb7b82fff monitored = 0 entry_point = 0x7fffb7724880 region_type = mapped_file name = "starttiledata.dll" filename = "\\Windows\\System32\\StartTileData.dll" (normalized: "c:\\windows\\system32\\starttiledata.dll") Region: id = 1012 start_va = 0x7fffb7b90000 end_va = 0x7fffb7e29fff monitored = 0 entry_point = 0x7fffb7c296c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 1013 start_va = 0x7fffb7e30000 end_va = 0x7fffb7ed8fff monitored = 0 entry_point = 0x7fffb7e3e040 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll") Region: id = 1014 start_va = 0x7fffb7ee0000 end_va = 0x7fffb7f6afff monitored = 0 entry_point = 0x7fffb7ef7060 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 1015 start_va = 0x7fffb7f70000 end_va = 0x7fffb7fcdfff monitored = 0 entry_point = 0x7fffb7f72ba0 region_type = mapped_file name = "notificationcontrollerps.dll" filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll") Region: id = 1016 start_va = 0x7fffb7fd0000 end_va = 0x7fffb8113fff monitored = 0 entry_point = 0x7fffb7febfd0 region_type = mapped_file name = "wpnapps.dll" filename = "\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll") Region: id = 1017 start_va = 0x7fffb8120000 end_va = 0x7fffb815ffff monitored = 0 entry_point = 0x7fffb8125af0 region_type = mapped_file name = "windows.staterepositoryclient.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryClient.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryclient.dll") Region: id = 1018 start_va = 0x7fffb8160000 end_va = 0x7fffb81f8fff monitored = 0 entry_point = 0x7fffb816e1c0 region_type = mapped_file name = "tiledatarepository.dll" filename = "\\Windows\\System32\\TileDataRepository.dll" (normalized: "c:\\windows\\system32\\tiledatarepository.dll") Region: id = 1019 start_va = 0x7fffb8a20000 end_va = 0x7fffb8a66fff monitored = 0 entry_point = 0x7fffb8a4dc00 region_type = mapped_file name = "container.dll" filename = "\\Windows\\System32\\container.dll" (normalized: "c:\\windows\\system32\\container.dll") Region: id = 1020 start_va = 0x7fffb8a70000 end_va = 0x7fffb8a7afff monitored = 0 entry_point = 0x7fffb8a73070 region_type = mapped_file name = "fltlib.dll" filename = "\\Windows\\System32\\fltLib.dll" (normalized: "c:\\windows\\system32\\fltlib.dll") Region: id = 1021 start_va = 0x7fffb8a80000 end_va = 0x7fffb8b2dfff monitored = 0 entry_point = 0x7fffb8aef9d0 region_type = mapped_file name = "daxexec.dll" filename = "\\Windows\\System32\\daxexec.dll" (normalized: "c:\\windows\\system32\\daxexec.dll") Region: id = 1022 start_va = 0x7fffb8bb0000 end_va = 0x7fffb8bc7fff monitored = 0 entry_point = 0x7fffb8bb1bf0 region_type = mapped_file name = "execmodelproxy.dll" filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll") Region: id = 1023 start_va = 0x7fffb8bd0000 end_va = 0x7fffb8c69fff monitored = 0 entry_point = 0x7fffb8bd60e0 region_type = mapped_file name = "uiamanager.dll" filename = "\\Windows\\System32\\UiaManager.dll" (normalized: "c:\\windows\\system32\\uiamanager.dll") Region: id = 1024 start_va = 0x7fffb8c70000 end_va = 0x7fffb8d14fff monitored = 0 entry_point = 0x7fffb8c767f0 region_type = mapped_file name = "twinui.appcore.dll" filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll") Region: id = 1025 start_va = 0x7fffb8d40000 end_va = 0x7fffb8dfbfff monitored = 0 entry_point = 0x7fffb8dbd430 region_type = mapped_file name = "windows.system.launcher.dll" filename = "\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll") Region: id = 1026 start_va = 0x7fffb9010000 end_va = 0x7fffb902ffff monitored = 0 entry_point = 0x7fffb9018480 region_type = mapped_file name = "windows.staterepositorybroker.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll") Region: id = 1027 start_va = 0x7fffb97a0000 end_va = 0x7fffb9848fff monitored = 0 entry_point = 0x7fffb97a9a00 region_type = mapped_file name = "wlidprov.dll" filename = "\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll") Region: id = 1028 start_va = 0x7fffb9a00000 end_va = 0x7fffb9a58fff monitored = 0 entry_point = 0x7fffb9a0daa0 region_type = mapped_file name = "execmodelclient.dll" filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll") Region: id = 1029 start_va = 0x7fffb9af0000 end_va = 0x7fffb9c0cfff monitored = 0 entry_point = 0x7fffb9b0dc60 region_type = mapped_file name = "windows.security.authentication.web.core.dll" filename = "\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll") Region: id = 1030 start_va = 0x7fffb9e60000 end_va = 0x7fffb9f47fff monitored = 0 entry_point = 0x7fffb9eaf5b0 region_type = mapped_file name = "windows.cloudstore.schema.shell.dll" filename = "\\Windows\\System32\\Windows.CloudStore.Schema.Shell.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.schema.shell.dll") Region: id = 1031 start_va = 0x7fffb9f50000 end_va = 0x7fffb9f86fff monitored = 0 entry_point = 0x7fffb9f58c10 region_type = mapped_file name = "appextension.dll" filename = "\\Windows\\System32\\AppExtension.dll" (normalized: "c:\\windows\\system32\\appextension.dll") Region: id = 1032 start_va = 0x7fffb9f90000 end_va = 0x7fffba01ffff monitored = 0 entry_point = 0x7fffb9ff2720 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\System32\\AppResolver.dll" (normalized: "c:\\windows\\system32\\appresolver.dll") Region: id = 1033 start_va = 0x7fffba1a0000 end_va = 0x7fffba2b6fff monitored = 0 entry_point = 0x7fffba1fcbc0 region_type = mapped_file name = "settingsynccore.dll" filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll") Region: id = 1034 start_va = 0x7fffba530000 end_va = 0x7fffba55bfff monitored = 0 entry_point = 0x7fffba54b730 region_type = mapped_file name = "dbgcore.dll" filename = "\\Windows\\System32\\dbgcore.dll" (normalized: "c:\\windows\\system32\\dbgcore.dll") Region: id = 1035 start_va = 0x7fffba560000 end_va = 0x7fffba743fff monitored = 0 entry_point = 0x7fffba57a770 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 1036 start_va = 0x7fffba7f0000 end_va = 0x7fffbac8dfff monitored = 0 entry_point = 0x7fffba841e80 region_type = mapped_file name = "cdp.dll" filename = "\\Windows\\System32\\cdp.dll" (normalized: "c:\\windows\\system32\\cdp.dll") Region: id = 1037 start_va = 0x7fffbad10000 end_va = 0x7fffbadc7fff monitored = 0 entry_point = 0x7fffbad1d870 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1038 start_va = 0x7fffbae40000 end_va = 0x7fffbae5cfff monitored = 0 entry_point = 0x7fffbae46080 region_type = mapped_file name = "windows.shell.servicehostbuilder.dll" filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll") Region: id = 1039 start_va = 0x7fffbae80000 end_va = 0x7fffbae91fff monitored = 0 entry_point = 0x7fffbae83330 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1040 start_va = 0x7fffbaf10000 end_va = 0x7fffbaf2cfff monitored = 0 entry_point = 0x7fffbaf128d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1041 start_va = 0x7fffbb250000 end_va = 0x7fffbb308fff monitored = 0 entry_point = 0x7fffbb25d080 region_type = mapped_file name = "settingsync.dll" filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll") Region: id = 1042 start_va = 0x7fffbb330000 end_va = 0x7fffbb523fff monitored = 0 entry_point = 0x7fffbb3b4bf0 region_type = mapped_file name = "windows.cloudstore.dll" filename = "\\Windows\\System32\\Windows.CloudStore.dll" (normalized: "c:\\windows\\system32\\windows.cloudstore.dll") Region: id = 1043 start_va = 0x7fffbbfb0000 end_va = 0x7fffbc02ffff monitored = 0 entry_point = 0x7fffbbfb90a0 region_type = mapped_file name = "photometadatahandler.dll" filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll") Region: id = 1044 start_va = 0x7fffbc040000 end_va = 0x7fffbc06efff monitored = 0 entry_point = 0x7fffbc059ea0 region_type = mapped_file name = "storageusage.dll" filename = "\\Windows\\System32\\StorageUsage.dll" (normalized: "c:\\windows\\system32\\storageusage.dll") Region: id = 1045 start_va = 0x7fffbc070000 end_va = 0x7fffbc09afff monitored = 0 entry_point = 0x7fffbc076c40 region_type = mapped_file name = "idstore.dll" filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll") Region: id = 1046 start_va = 0x7fffbc1b0000 end_va = 0x7fffbc35dfff monitored = 0 entry_point = 0x7fffbc1f5290 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\System32\\dui70.dll" (normalized: "c:\\windows\\system32\\dui70.dll") Region: id = 1047 start_va = 0x7fffbc590000 end_va = 0x7fffbc5d1fff monitored = 0 entry_point = 0x7fffbc596d40 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\System32\\mlang.dll" (normalized: "c:\\windows\\system32\\mlang.dll") Region: id = 1048 start_va = 0x7fffbc6b0000 end_va = 0x7fffbc86bfff monitored = 0 entry_point = 0x7fffbc6db1f0 region_type = mapped_file name = "cdprt.dll" filename = "\\Windows\\System32\\cdprt.dll" (normalized: "c:\\windows\\system32\\cdprt.dll") Region: id = 1049 start_va = 0x7fffbc8e0000 end_va = 0x7fffbc90dfff monitored = 0 entry_point = 0x7fffbc8fa9a0 region_type = mapped_file name = "windowsinternal.composableshell.desktophosting.dll" filename = "\\Windows\\System32\\WindowsInternal.ComposableShell.DesktopHosting.dll" (normalized: "c:\\windows\\system32\\windowsinternal.composableshell.desktophosting.dll") Region: id = 1050 start_va = 0x7fffbca30000 end_va = 0x7fffbca4ffff monitored = 0 entry_point = 0x7fffbca47360 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll") Region: id = 1051 start_va = 0x7fffbca50000 end_va = 0x7fffbca94fff monitored = 0 entry_point = 0x7fffbca5aef0 region_type = mapped_file name = "mswb7.dll" filename = "\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll") Region: id = 1052 start_va = 0x7fffbcaa0000 end_va = 0x7fffbcb4bfff monitored = 0 entry_point = 0x7fffbcacd6a0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll") Region: id = 1053 start_va = 0x7fffbcb50000 end_va = 0x7fffbcbd6fff monitored = 0 entry_point = 0x7fffbcb5e4d0 region_type = mapped_file name = "windows.devices.enumeration.dll" filename = "\\Windows\\System32\\Windows.Devices.Enumeration.dll" (normalized: "c:\\windows\\system32\\windows.devices.enumeration.dll") Region: id = 1054 start_va = 0x7fffbcd40000 end_va = 0x7fffbcdc2fff monitored = 0 entry_point = 0x7fffbcd440e0 region_type = mapped_file name = "imapi2.dll" filename = "\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll") Region: id = 1055 start_va = 0x7fffbce00000 end_va = 0x7fffbce33fff monitored = 0 entry_point = 0x7fffbce1f490 region_type = mapped_file name = "ethernetmediamanager.dll" filename = "\\Windows\\System32\\EthernetMediaManager.dll" (normalized: "c:\\windows\\system32\\ethernetmediamanager.dll") Region: id = 1056 start_va = 0x7fffbceb0000 end_va = 0x7fffbcf92fff monitored = 0 entry_point = 0x7fffbcec49e0 region_type = mapped_file name = "windows.applicationmodel.dll" filename = "\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll") Region: id = 1057 start_va = 0x7fffbcfe0000 end_va = 0x7fffbd0a5fff monitored = 0 entry_point = 0x7fffbd013f00 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\System32\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\system32\\windows.storage.search.dll") Region: id = 1058 start_va = 0x7fffbd0b0000 end_va = 0x7fffbd11cfff monitored = 0 entry_point = 0x7fffbd0d6a60 region_type = mapped_file name = "networkuxbroker.dll" filename = "\\Windows\\System32\\NetworkUXBroker.dll" (normalized: "c:\\windows\\system32\\networkuxbroker.dll") Region: id = 1059 start_va = 0x7fffbd150000 end_va = 0x7fffbd629fff monitored = 0 entry_point = 0x7fffbd21c180 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll") Region: id = 1060 start_va = 0x7fffbd860000 end_va = 0x7fffbd8e6fff monitored = 0 entry_point = 0x7fffbd86cad0 region_type = mapped_file name = "inputswitch.dll" filename = "\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll") Region: id = 1061 start_va = 0x7fffbd920000 end_va = 0x7fffbda65fff monitored = 0 entry_point = 0x7fffbd927620 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\system32\\windows.staterepositoryps.dll") Region: id = 1062 start_va = 0x7fffbda70000 end_va = 0x7fffbda78fff monitored = 0 entry_point = 0x7fffbda71a40 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\System32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll") Region: id = 1063 start_va = 0x7fffbe540000 end_va = 0x7fffbe567fff monitored = 0 entry_point = 0x7fffbe542110 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1064 start_va = 0x7fffbe670000 end_va = 0x7fffbe6ecfff monitored = 0 entry_point = 0x7fffbe673a80 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecorecommonproxystub.dll") Region: id = 1065 start_va = 0x7fffbe760000 end_va = 0x7fffbe822fff monitored = 0 entry_point = 0x7fffbe76e000 region_type = mapped_file name = "windows.web.dll" filename = "\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll") Region: id = 1066 start_va = 0x7fffbebf0000 end_va = 0x7fffbec00fff monitored = 0 entry_point = 0x7fffbebf3900 region_type = mapped_file name = "windows.staterepositorycore.dll" filename = "\\Windows\\System32\\Windows.StateRepositoryCore.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorycore.dll") Region: id = 1067 start_va = 0x7fffbee80000 end_va = 0x7fffbef30fff monitored = 0 entry_point = 0x7fffbeec6e10 region_type = mapped_file name = "staterepository.core.dll" filename = "\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll") Region: id = 1068 start_va = 0x7fffbef40000 end_va = 0x7fffbf4c5fff monitored = 0 entry_point = 0x7fffbef97790 region_type = mapped_file name = "windows.staterepository.dll" filename = "\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll") Region: id = 1069 start_va = 0x7fffbf4f0000 end_va = 0x7fffbf532fff monitored = 0 entry_point = 0x7fffbf4f1810 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1070 start_va = 0x7fffbf540000 end_va = 0x7fffbf5a3fff monitored = 0 entry_point = 0x7fffbf57ca70 region_type = mapped_file name = "useroobe.dll" filename = "\\Windows\\System32\\oobe\\UserOOBE.dll" (normalized: "c:\\windows\\system32\\oobe\\useroobe.dll") Region: id = 1071 start_va = 0x7fffbf6a0000 end_va = 0x7fffbf81ffff monitored = 0 entry_point = 0x7fffbf6c7430 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 1072 start_va = 0x7fffbf910000 end_va = 0x7fffbf919fff monitored = 0 entry_point = 0x7fffbf911f00 region_type = mapped_file name = "mobilenetworking.dll" filename = "\\Windows\\System32\\mobilenetworking.dll" (normalized: "c:\\windows\\system32\\mobilenetworking.dll") Region: id = 1073 start_va = 0x7fffbf980000 end_va = 0x7fffbf98ffff monitored = 0 entry_point = 0x7fffbf9815e0 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1074 start_va = 0x7fffbf9b0000 end_va = 0x7fffbf9e3fff monitored = 0 entry_point = 0x7fffbf9d2260 region_type = mapped_file name = "comppkgsup.dll" filename = "\\Windows\\System32\\CompPkgSup.dll" (normalized: "c:\\windows\\system32\\comppkgsup.dll") Region: id = 1075 start_va = 0x7fffbf9f0000 end_va = 0x7fffbfa6cfff monitored = 0 entry_point = 0x7fffbf9f3320 region_type = mapped_file name = "windows.media.devices.dll" filename = "\\Windows\\System32\\Windows.Media.Devices.dll" (normalized: "c:\\windows\\system32\\windows.media.devices.dll") Region: id = 1076 start_va = 0x7fffbfed0000 end_va = 0x7fffbffd1fff monitored = 0 entry_point = 0x7fffbff157d0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1077 start_va = 0x7fffc0120000 end_va = 0x7fffc0189fff monitored = 0 entry_point = 0x7fffc0122350 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1078 start_va = 0x7fffc0190000 end_va = 0x7fffc0214fff monitored = 0 entry_point = 0x7fffc01b0b70 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 1079 start_va = 0x7fffc0340000 end_va = 0x7fffc03e0fff monitored = 0 entry_point = 0x7fffc0343970 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 1080 start_va = 0x7fffc03f0000 end_va = 0x7fffc0403fff monitored = 0 entry_point = 0x7fffc03f37a0 region_type = mapped_file name = "hcproviders.dll" filename = "\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll") Region: id = 1081 start_va = 0x7fffc0510000 end_va = 0x7fffc057bfff monitored = 0 entry_point = 0x7fffc052ec00 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1082 start_va = 0x7fffc06c0000 end_va = 0x7fffc06dcfff monitored = 0 entry_point = 0x7fffc06c29b0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1083 start_va = 0x7fffc0700000 end_va = 0x7fffc07adfff monitored = 0 entry_point = 0x7fffc074b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 1084 start_va = 0x7fffc07b0000 end_va = 0x7fffc07c6fff monitored = 0 entry_point = 0x7fffc07b24b0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1085 start_va = 0x7fffc1190000 end_va = 0x7fffc1335fff monitored = 0 entry_point = 0x7fffc11bf1b0 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll") Region: id = 1086 start_va = 0x7fffc1340000 end_va = 0x7fffc15bdfff monitored = 0 entry_point = 0x7fffc13d73a0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\System32\\DWrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll") Region: id = 1087 start_va = 0x7fffc15c0000 end_va = 0x7fffc17acfff monitored = 0 entry_point = 0x7fffc163ea20 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 1088 start_va = 0x7fffc1820000 end_va = 0x7fffc1956fff monitored = 0 entry_point = 0x7fffc1843b60 region_type = mapped_file name = "windows.ui.immersive.dll" filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll") Region: id = 1089 start_va = 0x7fffc1960000 end_va = 0x7fffc1c0dfff monitored = 0 entry_point = 0x7fffc19969a0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1090 start_va = 0x7fffc1c10000 end_va = 0x7fffc2ccffff monitored = 0 entry_point = 0x7fffc1f59f90 region_type = mapped_file name = "windows.ui.xaml.dll" filename = "\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll") Region: id = 1091 start_va = 0x7fffc2cd0000 end_va = 0x7fffc2cfcfff monitored = 0 entry_point = 0x7fffc2cd7cd0 region_type = mapped_file name = "bcp47mrm.dll" filename = "\\Windows\\System32\\BCP47mrm.dll" (normalized: "c:\\windows\\system32\\bcp47mrm.dll") Region: id = 1092 start_va = 0x7fffc2d00000 end_va = 0x7fffc2d2cfff monitored = 0 entry_point = 0x7fffc2d17ec0 region_type = mapped_file name = "languageoverlayutil.dll" filename = "\\Windows\\System32\\LanguageOverlayUtil.dll" (normalized: "c:\\windows\\system32\\languageoverlayutil.dll") Region: id = 1093 start_va = 0x7fffc2d30000 end_va = 0x7fffc2e80fff monitored = 0 entry_point = 0x7fffc2d48050 region_type = mapped_file name = "inputhost.dll" filename = "\\Windows\\System32\\InputHost.dll" (normalized: "c:\\windows\\system32\\inputhost.dll") Region: id = 1094 start_va = 0x7fffc2e90000 end_va = 0x7fffc2f8bfff monitored = 0 entry_point = 0x7fffc2ecae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 1095 start_va = 0x7fffc2f90000 end_va = 0x7fffc30dbfff monitored = 0 entry_point = 0x7fffc2fc1ac0 region_type = mapped_file name = "windows.ui.dll" filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll") Region: id = 1096 start_va = 0x7fffc30e0000 end_va = 0x7fffc31d3fff monitored = 0 entry_point = 0x7fffc3121eb0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1097 start_va = 0x7fffc3220000 end_va = 0x7fffc3279fff monitored = 0 entry_point = 0x7fffc32363c0 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1098 start_va = 0x7fffc3280000 end_va = 0x7fffc32eefff monitored = 0 entry_point = 0x7fffc328a850 region_type = mapped_file name = "wincorlib.dll" filename = "\\Windows\\System32\\wincorlib.dll" (normalized: "c:\\windows\\system32\\wincorlib.dll") Region: id = 1099 start_va = 0x7fffc3300000 end_va = 0x7fffc3339fff monitored = 0 entry_point = 0x7fffc33051c0 region_type = mapped_file name = "srchadmin.dll" filename = "\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll") Region: id = 1100 start_va = 0x7fffc3340000 end_va = 0x7fffc338ffff monitored = 0 entry_point = 0x7fffc3342520 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 1101 start_va = 0x7fffc3390000 end_va = 0x7fffc339bfff monitored = 0 entry_point = 0x7fffc3391690 region_type = mapped_file name = "nlmproxy.dll" filename = "\\Windows\\System32\\nlmproxy.dll" (normalized: "c:\\windows\\system32\\nlmproxy.dll") Region: id = 1102 start_va = 0x7fffc33d0000 end_va = 0x7fffc3420fff monitored = 0 entry_point = 0x7fffc33fcd20 region_type = mapped_file name = "cloudexperiencehostbroker.dll" filename = "\\Windows\\System32\\CloudExperienceHostBroker.dll" (normalized: "c:\\windows\\system32\\cloudexperiencehostbroker.dll") Region: id = 1103 start_va = 0x7fffc3430000 end_va = 0x7fffc3459fff monitored = 0 entry_point = 0x7fffc343f730 region_type = mapped_file name = "windows.internal.system.userprofile.dll" filename = "\\Windows\\System32\\Windows.Internal.System.UserProfile.dll" (normalized: "c:\\windows\\system32\\windows.internal.system.userprofile.dll") Region: id = 1104 start_va = 0x7fffc34a0000 end_va = 0x7fffc34b0fff monitored = 0 entry_point = 0x7fffc34a12e0 region_type = mapped_file name = "credui.dll" filename = "\\Windows\\System32\\credui.dll" (normalized: "c:\\windows\\system32\\credui.dll") Region: id = 1105 start_va = 0x7fffc34c0000 end_va = 0x7fffc34d1fff monitored = 0 entry_point = 0x7fffc34c7280 region_type = mapped_file name = "efsutil.dll" filename = "\\Windows\\System32\\efsutil.dll" (normalized: "c:\\windows\\system32\\efsutil.dll") Region: id = 1106 start_va = 0x7fffc34e0000 end_va = 0x7fffc354efff monitored = 0 entry_point = 0x7fffc3523190 region_type = mapped_file name = "fhcfg.dll" filename = "\\Windows\\System32\\fhcfg.dll" (normalized: "c:\\windows\\system32\\fhcfg.dll") Region: id = 1107 start_va = 0x7fffc3590000 end_va = 0x7fffc35a8fff monitored = 0 entry_point = 0x7fffc3592110 region_type = mapped_file name = "wscui.cpl" filename = "\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl") Region: id = 1108 start_va = 0x7fffc35b0000 end_va = 0x7fffc35ebfff monitored = 0 entry_point = 0x7fffc35b68a0 region_type = mapped_file name = "wscinterop.dll" filename = "\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll") Region: id = 1109 start_va = 0x7fffc35f0000 end_va = 0x7fffc3682fff monitored = 0 entry_point = 0x7fffc35f9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1110 start_va = 0x7fffc3780000 end_va = 0x7fffc37e4fff monitored = 0 entry_point = 0x7fffc3793640 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1111 start_va = 0x7fffc3820000 end_va = 0x7fffc385afff monitored = 0 entry_point = 0x7fffc3841b10 region_type = mapped_file name = "dxcore.dll" filename = "\\Windows\\System32\\DXCore.dll" (normalized: "c:\\windows\\system32\\dxcore.dll") Region: id = 1112 start_va = 0x7fffc3860000 end_va = 0x7fffc3f55fff monitored = 0 entry_point = 0x7fffc3dfec40 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\System32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll") Region: id = 1113 start_va = 0x7fffc3f60000 end_va = 0x7fffc3fb3fff monitored = 0 entry_point = 0x7fffc3f6dee0 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1114 start_va = 0x7fffc3fc0000 end_va = 0x7fffc40b7fff monitored = 0 entry_point = 0x7fffc3fd73e0 region_type = mapped_file name = "appxdeploymentclient.dll" filename = "\\Windows\\System32\\AppXDeploymentClient.dll" (normalized: "c:\\windows\\system32\\appxdeploymentclient.dll") Region: id = 1115 start_va = 0x7fffc43b0000 end_va = 0x7fffc43c8fff monitored = 0 entry_point = 0x7fffc43b51e0 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1116 start_va = 0x7fffc43d0000 end_va = 0x7fffc446ffff monitored = 0 entry_point = 0x7fffc43d4570 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1117 start_va = 0x7fffc4610000 end_va = 0x7fffc464cfff monitored = 0 entry_point = 0x7fffc461b030 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1118 start_va = 0x7fffc4780000 end_va = 0x7fffc4795fff monitored = 0 entry_point = 0x7fffc4784250 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1119 start_va = 0x7fffc48e0000 end_va = 0x7fffc48f0fff monitored = 0 entry_point = 0x7fffc48e3670 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1120 start_va = 0x7fffc4a20000 end_va = 0x7fffc51b0fff monitored = 0 entry_point = 0x7fffc4a35f30 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\system32\\onecoreuapcommonproxystub.dll") Region: id = 1121 start_va = 0x7fffc5270000 end_va = 0x7fffc5280fff monitored = 0 entry_point = 0x7fffc5276a80 region_type = mapped_file name = "coloradapterclient.dll" filename = "\\Windows\\System32\\coloradapterclient.dll" (normalized: "c:\\windows\\system32\\coloradapterclient.dll") Region: id = 1122 start_va = 0x7fffc5290000 end_va = 0x7fffc533dfff monitored = 0 entry_point = 0x7fffc529b110 region_type = mapped_file name = "mscms.dll" filename = "\\Windows\\System32\\mscms.dll" (normalized: "c:\\windows\\system32\\mscms.dll") Region: id = 1123 start_va = 0x7fffc53b0000 end_va = 0x7fffc53f6fff monitored = 0 entry_point = 0x7fffc53c30b0 region_type = mapped_file name = "uianimation.dll" filename = "\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll") Region: id = 1124 start_va = 0x7fffc5400000 end_va = 0x7fffc55b3fff monitored = 0 entry_point = 0x7fffc54768b0 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll") Region: id = 1125 start_va = 0x7fffc56c0000 end_va = 0x7fffc58c1fff monitored = 0 entry_point = 0x7fffc572d800 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1126 start_va = 0x7fffc58d0000 end_va = 0x7fffc5970fff monitored = 0 entry_point = 0x7fffc58e01b0 region_type = mapped_file name = "windowmanagementapi.dll" filename = "\\Windows\\System32\\WindowManagementAPI.dll" (normalized: "c:\\windows\\system32\\windowmanagementapi.dll") Region: id = 1127 start_va = 0x7fffc5980000 end_va = 0x7fffc59e9fff monitored = 0 entry_point = 0x7fffc5988c30 region_type = mapped_file name = "ninput.dll" filename = "\\Windows\\System32\\ninput.dll" (normalized: "c:\\windows\\system32\\ninput.dll") Region: id = 1128 start_va = 0x7fffc5c40000 end_va = 0x7fffc5c49fff monitored = 0 entry_point = 0x7fffc5c41780 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1129 start_va = 0x7fffc5c50000 end_va = 0x7fffc5c6cfff monitored = 0 entry_point = 0x7fffc5c56d40 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1130 start_va = 0x7fffc5ea0000 end_va = 0x7fffc5ed5fff monitored = 0 entry_point = 0x7fffc5eaf5a0 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1131 start_va = 0x7fffc6370000 end_va = 0x7fffc65d2fff monitored = 0 entry_point = 0x7fffc63eb0b0 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll") Region: id = 1132 start_va = 0x7fffc65e0000 end_va = 0x7fffc66d4fff monitored = 0 entry_point = 0x7fffc6622860 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1133 start_va = 0x7fffc66e0000 end_va = 0x7fffc6703fff monitored = 0 entry_point = 0x7fffc66e3de0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1134 start_va = 0x7fffc6710000 end_va = 0x7fffc673cfff monitored = 0 entry_point = 0x7fffc6715010 region_type = mapped_file name = "settingmonitor.dll" filename = "\\Windows\\System32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll") Region: id = 1135 start_va = 0x7fffc6740000 end_va = 0x7fffc6753fff monitored = 0 entry_point = 0x7fffc67428c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1136 start_va = 0x7fffc6760000 end_va = 0x7fffc688ffff monitored = 0 entry_point = 0x7fffc67fdcf0 region_type = mapped_file name = "dsreg.dll" filename = "\\Windows\\System32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll") Region: id = 1137 start_va = 0x7fffc68b0000 end_va = 0x7fffc68e0fff monitored = 0 entry_point = 0x7fffc68b2590 region_type = mapped_file name = "portabledevicetypes.dll" filename = "\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll") Region: id = 1138 start_va = 0x7fffc68f0000 end_va = 0x7fffc6904fff monitored = 0 entry_point = 0x7fffc68f29c0 region_type = mapped_file name = "wpdshserviceobj.dll" filename = "\\Windows\\System32\\WPDShServiceObj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll") Region: id = 1139 start_va = 0x7fffc6910000 end_va = 0x7fffc6955fff monitored = 0 entry_point = 0x7fffc69127a0 region_type = mapped_file name = "bthprops.cpl" filename = "\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl") Region: id = 1140 start_va = 0x7fffc6970000 end_va = 0x7fffc6f2ffff monitored = 0 entry_point = 0x7fffc6a49920 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll") Region: id = 1141 start_va = 0x7fffc6f30000 end_va = 0x7fffc7085fff monitored = 0 entry_point = 0x7fffc6f5b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1142 start_va = 0x7fffc7090000 end_va = 0x7fffc7274fff monitored = 0 entry_point = 0x7fffc70eddd0 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll") Region: id = 1143 start_va = 0x7fffc7600000 end_va = 0x7fffc7959fff monitored = 0 entry_point = 0x7fffc7682d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 1144 start_va = 0x7fffc7960000 end_va = 0x7fffc7a51fff monitored = 0 entry_point = 0x7fffc79b70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 1145 start_va = 0x7fffc7bb0000 end_va = 0x7fffc7c3ffff monitored = 0 entry_point = 0x7fffc7bc0880 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 1146 start_va = 0x7fffc7c60000 end_va = 0x7fffc7cfefff monitored = 0 entry_point = 0x7fffc7c89120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1147 start_va = 0x7fffc7d40000 end_va = 0x7fffc7d53fff monitored = 0 entry_point = 0x7fffc7d44280 region_type = mapped_file name = "resourcepolicyclient.dll" filename = "\\Windows\\System32\\ResourcePolicyClient.dll" (normalized: "c:\\windows\\system32\\resourcepolicyclient.dll") Region: id = 1148 start_va = 0x7fffc7e30000 end_va = 0x7fffc7f08fff monitored = 0 entry_point = 0x7fffc7e87a70 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 1149 start_va = 0x7fffc7f10000 end_va = 0x7fffc7f39fff monitored = 0 entry_point = 0x7fffc7f19e30 region_type = mapped_file name = "rmclient.dll" filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll") Region: id = 1150 start_va = 0x7fffc8010000 end_va = 0x7fffc803dfff monitored = 0 entry_point = 0x7fffc80142d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1151 start_va = 0x7fffc8120000 end_va = 0x7fffc8132fff monitored = 0 entry_point = 0x7fffc8123f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1152 start_va = 0x7fffc8320000 end_va = 0x7fffc8aa9fff monitored = 0 entry_point = 0x7fffc84dc050 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1153 start_va = 0x7fffc8af0000 end_va = 0x7fffc8be2fff monitored = 0 entry_point = 0x7fffc8b144d0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll") Region: id = 1154 start_va = 0x7fffc8bf0000 end_va = 0x7fffc8d0afff monitored = 0 entry_point = 0x7fffc8bfc250 region_type = mapped_file name = "tdh.dll" filename = "\\Windows\\System32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll") Region: id = 1155 start_va = 0x7fffc8d40000 end_va = 0x7fffc8d64fff monitored = 0 entry_point = 0x7fffc8d43920 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 1156 start_va = 0x7fffc8d70000 end_va = 0x7fffc8d98fff monitored = 0 entry_point = 0x7fffc8d71bd0 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 1157 start_va = 0x7fffc9000000 end_va = 0x7fffc9032fff monitored = 0 entry_point = 0x7fffc9006930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1158 start_va = 0x7fffc9040000 end_va = 0x7fffc9068fff monitored = 0 entry_point = 0x7fffc9049780 region_type = mapped_file name = "profext.dll" filename = "\\Windows\\System32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll") Region: id = 1159 start_va = 0x7fffc92d0000 end_va = 0x7fffc9359fff monitored = 0 entry_point = 0x7fffc9315870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1160 start_va = 0x7fffc9360000 end_va = 0x7fffc9376fff monitored = 0 entry_point = 0x7fffc9361d60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1161 start_va = 0x7fffc9590000 end_va = 0x7fffc95cafff monitored = 0 entry_point = 0x7fffc959a620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1162 start_va = 0x7fffc95d0000 end_va = 0x7fffc95dbfff monitored = 0 entry_point = 0x7fffc95d1ce0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1163 start_va = 0x7fffc9a70000 end_va = 0x7fffc9a87fff monitored = 0 entry_point = 0x7fffc9a74aa0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1164 start_va = 0x7fffc9a90000 end_va = 0x7fffc9a9bfff monitored = 0 entry_point = 0x7fffc9a92200 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1165 start_va = 0x7fffc9ad0000 end_va = 0x7fffc9b29fff monitored = 0 entry_point = 0x7fffc9adb770 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1166 start_va = 0x7fffc9b80000 end_va = 0x7fffc9baafff monitored = 0 entry_point = 0x7fffc9b82db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1167 start_va = 0x7fffc9bb0000 end_va = 0x7fffc9beafff monitored = 0 entry_point = 0x7fffc9bb4000 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1168 start_va = 0x7fffc9bf0000 end_va = 0x7fffc9c16fff monitored = 0 entry_point = 0x7fffc9bf6200 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1169 start_va = 0x7fffc9d00000 end_va = 0x7fffc9d11fff monitored = 0 entry_point = 0x7fffc9d055f0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1170 start_va = 0x7fffc9ec0000 end_va = 0x7fffc9eebfff monitored = 0 entry_point = 0x7fffc9ec7370 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1171 start_va = 0x7fffc9f10000 end_va = 0x7fffc9f21fff monitored = 0 entry_point = 0x7fffc9f13e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1172 start_va = 0x7fffc9f30000 end_va = 0x7fffc9f7afff monitored = 0 entry_point = 0x7fffc9f33480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1173 start_va = 0x7fffc9f80000 end_va = 0x7fffca021fff monitored = 0 entry_point = 0x7fffc9faca60 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1174 start_va = 0x7fffca030000 end_va = 0x7fffca05dfff monitored = 0 entry_point = 0x7fffca034f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1175 start_va = 0x7fffca060000 end_va = 0x7fffca090fff monitored = 0 entry_point = 0x7fffca06e380 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1176 start_va = 0x7fffca0b0000 end_va = 0x7fffca0cefff monitored = 0 entry_point = 0x7fffca0b8ca0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1177 start_va = 0x7fffca220000 end_va = 0x7fffca26cfff monitored = 0 entry_point = 0x7fffca233280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1178 start_va = 0x7fffca270000 end_va = 0x7fffca36ffff monitored = 0 entry_point = 0x7fffca285ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1179 start_va = 0x7fffca370000 end_va = 0x7fffca479fff monitored = 0 entry_point = 0x7fffca3a1300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1180 start_va = 0x7fffca480000 end_va = 0x7fffca4fefff monitored = 0 entry_point = 0x7fffca4b73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1181 start_va = 0x7fffca500000 end_va = 0x7fffca55ffff monitored = 0 entry_point = 0x7fffca510380 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1182 start_va = 0x7fffca560000 end_va = 0x7fffca5fcfff monitored = 0 entry_point = 0x7fffca575390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1183 start_va = 0x7fffca600000 end_va = 0x7fffca75cfff monitored = 0 entry_point = 0x7fffca64efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1184 start_va = 0x7fffca760000 end_va = 0x7fffca781fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1185 start_va = 0x7fffca790000 end_va = 0x7fffcaa56fff monitored = 0 entry_point = 0x7fffca7a1bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1186 start_va = 0x7fffcaa60000 end_va = 0x7fffcaa86fff monitored = 0 entry_point = 0x7fffcaa68690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1187 start_va = 0x7fffcaa90000 end_va = 0x7fffcaba4fff monitored = 0 entry_point = 0x7fffcaaceb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1188 start_va = 0x7fffcad80000 end_va = 0x7fffcae2dfff monitored = 0 entry_point = 0x7fffcadbb940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1189 start_va = 0x7fffcae30000 end_va = 0x7fffcb296fff monitored = 0 entry_point = 0x7fffcae53230 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1190 start_va = 0x7fffcb2a0000 end_va = 0x7fffcb33afff monitored = 0 entry_point = 0x7fffcb2bc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1191 start_va = 0x7fffcb350000 end_va = 0x7fffcb424fff monitored = 0 entry_point = 0x7fffcb36d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1192 start_va = 0x7fffcb440000 end_va = 0x7fffcb4fcfff monitored = 0 entry_point = 0x7fffcb457070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1193 start_va = 0x7fffcb560000 end_va = 0x7fffcb5fdfff monitored = 0 entry_point = 0x7fffcb567850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1194 start_va = 0x7fffcb600000 end_va = 0x7fffcb6a9fff monitored = 0 entry_point = 0x7fffcb615470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1195 start_va = 0x7fffcb790000 end_va = 0x7fffcb798fff monitored = 0 entry_point = 0x7fffcb792020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1196 start_va = 0x7fffcb7a0000 end_va = 0x7fffcb93ffff monitored = 0 entry_point = 0x7fffcb7b7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1197 start_va = 0x7fffcb940000 end_va = 0x7fffcb96ffff monitored = 0 entry_point = 0x7fffcb9414d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1198 start_va = 0x7fffcb970000 end_va = 0x7fffcb9c4fff monitored = 0 entry_point = 0x7fffcb97a7e0 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1199 start_va = 0x7fffcb9d0000 end_va = 0x7fffcba48fff monitored = 0 entry_point = 0x7fffcb9f28f0 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll") Region: id = 1200 start_va = 0x7fffcbae0000 end_va = 0x7fffcbb87fff monitored = 0 entry_point = 0x7fffcbafd990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1201 start_va = 0x7fffcbb90000 end_va = 0x7fffcbee3fff monitored = 0 entry_point = 0x7fffcbc81d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1202 start_va = 0x7fffcbef0000 end_va = 0x7fffcc018fff monitored = 0 entry_point = 0x7fffcbf16140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1203 start_va = 0x7fffcc020000 end_va = 0x7fffcc08afff monitored = 0 entry_point = 0x7fffcc034300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1204 start_va = 0x7fffcc090000 end_va = 0x7fffcc7c0fff monitored = 0 entry_point = 0x7fffcc19e6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1205 start_va = 0x7fffcc830000 end_va = 0x7fffcc952fff monitored = 0 entry_point = 0x7fffcc88da30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1206 start_va = 0x7fffcc960000 end_va = 0x7fffcc989fff monitored = 0 entry_point = 0x7fffcc9648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1207 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1260 start_va = 0x2020000 end_va = 0x2022fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 1261 start_va = 0x2030000 end_va = 0x2030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 1274 start_va = 0x2020000 end_va = 0x203efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 1275 start_va = 0x3e70000 end_va = 0x3e8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1317 start_va = 0x2850000 end_va = 0x2851fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002850000" filename = "" Region: id = 1319 start_va = 0x7fffadef0000 end_va = 0x7fffadf0dfff monitored = 0 entry_point = 0x7fffadef1fa0 region_type = mapped_file name = "securityhealthproxystub.dll" filename = "\\Windows\\System32\\SecurityHealthProxyStub.dll" (normalized: "c:\\windows\\system32\\securityhealthproxystub.dll") Region: id = 1615 start_va = 0x2020000 end_va = 0x203efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 1616 start_va = 0x3e70000 end_va = 0x3e8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e70000" filename = "" Region: id = 1617 start_va = 0x4120000 end_va = 0x419ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 1618 start_va = 0x41b0000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041b0000" filename = "" Region: id = 1619 start_va = 0x44e0000 end_va = 0x455ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000044e0000" filename = "" Region: id = 1620 start_va = 0x45f0000 end_va = 0x466ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045f0000" filename = "" Region: id = 1890 start_va = 0x2020000 end_va = 0x2020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 1902 start_va = 0x2020000 end_va = 0x2020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 1907 start_va = 0x11bd0000 end_va = 0x125b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011bd0000" filename = "" Region: id = 1911 start_va = 0x2020000 end_va = 0x2020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 1913 start_va = 0xe230000 end_va = 0xe721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e230000" filename = "" Region: id = 1999 start_va = 0x11bd0000 end_va = 0x125b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011bd0000" filename = "" Region: id = 2001 start_va = 0xe8b0000 end_va = 0xeda1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e8b0000" filename = "" Region: id = 2859 start_va = 0x2020000 end_va = 0x2022fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 2860 start_va = 0x2030000 end_va = 0x2030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2861 start_va = 0x11bd0000 end_va = 0x125b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011bd0000" filename = "" Region: id = 2862 start_va = 0xff40000 end_va = 0x10431fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ff40000" filename = "" Region: id = 2935 start_va = 0x11bd0000 end_va = 0x125b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011bd0000" filename = "" Region: id = 2940 start_va = 0x10e40000 end_va = 0x11331fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010e40000" filename = "" Region: id = 2944 start_va = 0x2020000 end_va = 0x202dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 2945 start_va = 0x2780000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 2946 start_va = 0x2850000 end_va = 0x2850fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002850000" filename = "" Region: id = 2947 start_va = 0x11bd0000 end_va = 0x125b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011bd0000" filename = "" Region: id = 2948 start_va = 0x12cd0000 end_va = 0x131c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012cd0000" filename = "" Region: id = 2957 start_va = 0xedb0000 end_va = 0xf2abfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000edb0000" filename = "" Region: id = 2974 start_va = 0x2780000 end_va = 0x279efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002780000" filename = "" Region: id = 2975 start_va = 0x27a0000 end_va = 0x27a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027a0000" filename = "" Region: id = 2976 start_va = 0x27b0000 end_va = 0x27f5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 2977 start_va = 0x3e60000 end_va = 0x3edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e60000" filename = "" Region: id = 2978 start_va = 0x4120000 end_va = 0x419ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004120000" filename = "" Region: id = 2979 start_va = 0xe230000 end_va = 0xe721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e230000" filename = "" Region: id = 3000 start_va = 0x650000 end_va = 0x651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000650000" filename = "" Region: id = 3001 start_va = 0x660000 end_va = 0x6a5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3002 start_va = 0x660000 end_va = 0x66dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 3003 start_va = 0x680000 end_va = 0x680fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 3004 start_va = 0x2780000 end_va = 0x27c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3009 start_va = 0xe230000 end_va = 0xe721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e230000" filename = "" Region: id = 3022 start_va = 0x2780000 end_va = 0x27c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3025 start_va = 0xe230000 end_va = 0xe721fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e230000" filename = "" Region: id = 3030 start_va = 0x650000 end_va = 0x65dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 3031 start_va = 0x2780000 end_va = 0x27c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cachedimage_1440_900_pos4.jpg" filename = "\\Users\\OqXZRaykm\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\oqxzraykm\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg") Region: id = 3032 start_va = 0xcde0000 end_va = 0xd2d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cde0000" filename = "" Thread: id = 29 os_tid = 0x628 Thread: id = 30 os_tid = 0x4d4 Thread: id = 31 os_tid = 0x1490 Thread: id = 32 os_tid = 0x1488 Thread: id = 33 os_tid = 0x1484 Thread: id = 34 os_tid = 0x147c Thread: id = 35 os_tid = 0x12f0 Thread: id = 36 os_tid = 0x12ac Thread: id = 37 os_tid = 0x1270 Thread: id = 38 os_tid = 0xf74 Thread: id = 39 os_tid = 0x910 Thread: id = 40 os_tid = 0xb98 Thread: id = 41 os_tid = 0xe78 Thread: id = 42 os_tid = 0xba0 Thread: id = 43 os_tid = 0x90c Thread: id = 44 os_tid = 0xf78 Thread: id = 45 os_tid = 0xe28 Thread: id = 46 os_tid = 0xe1c Thread: id = 47 os_tid = 0xe0c Thread: id = 48 os_tid = 0xddc Thread: id = 49 os_tid = 0xdd0 Thread: id = 50 os_tid = 0xdcc Thread: id = 51 os_tid = 0xdc8 Thread: id = 52 os_tid = 0xdc4 Thread: id = 53 os_tid = 0xda8 Thread: id = 54 os_tid = 0xda4 Thread: id = 55 os_tid = 0xc90 Thread: id = 56 os_tid = 0x9a0 Thread: id = 57 os_tid = 0x93c Thread: id = 58 os_tid = 0x968 Thread: id = 59 os_tid = 0xa14 Thread: id = 60 os_tid = 0xbfc Thread: id = 61 os_tid = 0xbf8 Thread: id = 62 os_tid = 0xbe4 Thread: id = 63 os_tid = 0xbc8 Thread: id = 64 os_tid = 0xb8c Thread: id = 65 os_tid = 0xb88 Thread: id = 66 os_tid = 0xb40 Thread: id = 67 os_tid = 0xb34 Thread: id = 68 os_tid = 0xb04 Thread: id = 69 os_tid = 0xafc Thread: id = 70 os_tid = 0xad0 Thread: id = 71 os_tid = 0xac4 Thread: id = 72 os_tid = 0xaac Thread: id = 73 os_tid = 0xa90 Thread: id = 74 os_tid = 0xa84 Thread: id = 75 os_tid = 0xa78 Thread: id = 76 os_tid = 0xa74 Thread: id = 77 os_tid = 0xa68 Thread: id = 100 os_tid = 0x17cc Thread: id = 101 os_tid = 0x17d0 Thread: id = 103 os_tid = 0x17e0 Thread: id = 105 os_tid = 0xde4 Thread: id = 225 os_tid = 0x1044 Thread: id = 228 os_tid = 0x1230 Thread: id = 230 os_tid = 0x13e0 Process: id = "4" image_name = "cfg.exe" filename = "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe" page_root = "0x4d10d000" os_pid = "0x808" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x75c" cmd_line = "\"C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe\" " cur_dir = "C:\\Users\\OqXZRaykm\\Desktop\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1210 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1211 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1212 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1213 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1214 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1215 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1216 start_va = 0x1b0000 end_va = 0x228fff monitored = 1 entry_point = 0x1d0790 region_type = mapped_file name = "cfg.exe" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe") Region: id = 1217 start_va = 0x230000 end_va = 0x232fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 1218 start_va = 0x240000 end_va = 0x241fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 1219 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1220 start_va = 0x77d40000 end_va = 0x77ee1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1221 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 1222 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1223 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1224 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1225 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1226 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 1227 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 1228 start_va = 0x250000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 1229 start_va = 0x7fffcc7d0000 end_va = 0x7fffcc828fff monitored = 0 entry_point = 0x7fffcc7e8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1230 start_va = 0x7fffcba50000 end_va = 0x7fffcbad2fff monitored = 0 entry_point = 0x7fffcba5fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1231 start_va = 0x77d30000 end_va = 0x77d39fff monitored = 0 entry_point = 0x77d312e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1232 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 1233 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 1234 start_va = 0x600000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1235 start_va = 0x75ce0000 end_va = 0x75dcffff monitored = 0 entry_point = 0x75cff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1240 start_va = 0x77580000 end_va = 0x77792fff monitored = 0 entry_point = 0x77694030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1241 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1242 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 1243 start_va = 0x250000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1244 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 1245 start_va = 0x76ca0000 end_va = 0x76d3afff monitored = 0 entry_point = 0x76cd5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1246 start_va = 0x76740000 end_va = 0x767bafff monitored = 0 entry_point = 0x76757800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 1247 start_va = 0x77380000 end_va = 0x7749ffff monitored = 0 entry_point = 0x773ab170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1248 start_va = 0x320000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000320000" filename = "" Region: id = 1249 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1250 start_va = 0x780000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 1251 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1252 start_va = 0x75c20000 end_va = 0x75cd9fff monitored = 0 entry_point = 0x75c5a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1253 start_va = 0x69640000 end_va = 0x697a6fff monitored = 0 entry_point = 0x696b7d30 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_429bd5ce8a90e9c8\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_429bd5ce8a90e9c8\\gdiplus.dll") Region: id = 1254 start_va = 0x77ad0000 end_va = 0x77b8efff monitored = 0 entry_point = 0x77b05ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1255 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1256 start_va = 0x769d0000 end_va = 0x76b63fff monitored = 0 entry_point = 0x76a09860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1257 start_va = 0x77ab0000 end_va = 0x77ac7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 1258 start_va = 0x767c0000 end_va = 0x767e2fff monitored = 0 entry_point = 0x767c73c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1259 start_va = 0x774a0000 end_va = 0x7757afff monitored = 0 entry_point = 0x774ffc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 1262 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1263 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000370000" filename = "" Region: id = 1264 start_va = 0x380000 end_va = 0x380fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000380000" filename = "" Region: id = 1265 start_va = 0x880000 end_va = 0x961fff monitored = 0 entry_point = 0x8ac600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1266 start_va = 0x390000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 1267 start_va = 0x390000 end_va = 0x397fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000390000" filename = "" Region: id = 1268 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 1269 start_va = 0x3d0000 end_va = 0x3f2fff monitored = 0 entry_point = 0x3d4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1270 start_va = 0x880000 end_va = 0xa7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000880000" filename = "" Region: id = 1271 start_va = 0x75ec0000 end_va = 0x75ee4fff monitored = 0 entry_point = 0x75ec4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1272 start_va = 0xa80000 end_va = 0xc00fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a80000" filename = "" Region: id = 1273 start_va = 0xc10000 end_va = 0x2010fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c10000" filename = "" Region: id = 1276 start_va = 0x752b0000 end_va = 0x752b7fff monitored = 0 entry_point = 0x752b1800 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1277 start_va = 0x2020000 end_va = 0x2357fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1278 start_va = 0x69630000 end_va = 0x6963efff monitored = 0 entry_point = 0x69635d70 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll") Region: id = 1279 start_va = 0x73c00000 end_va = 0x73c20fff monitored = 0 entry_point = 0x73c0ca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1280 start_va = 0x716e0000 end_va = 0x7170efff monitored = 0 entry_point = 0x716ebb00 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1281 start_va = 0x76070000 end_va = 0x76088fff monitored = 0 entry_point = 0x760793e0 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1282 start_va = 0x74e80000 end_va = 0x74ef3fff monitored = 0 entry_point = 0x74eb7550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1283 start_va = 0x2360000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1284 start_va = 0x711a0000 end_va = 0x711c3fff monitored = 0 entry_point = 0x711a53d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1285 start_va = 0x73b90000 end_va = 0x73b99fff monitored = 0 entry_point = 0x73b92a60 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1286 start_va = 0x695b0000 end_va = 0x69629fff monitored = 0 entry_point = 0x69616d10 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 1287 start_va = 0x75ff0000 end_va = 0x76068fff monitored = 0 entry_point = 0x76001a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1288 start_va = 0x76c20000 end_va = 0x76c94fff monitored = 0 entry_point = 0x76c3f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1289 start_va = 0x69550000 end_va = 0x69580fff monitored = 0 entry_point = 0x69560ef0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 1290 start_va = 0x69590000 end_va = 0x695a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1291 start_va = 0x77290000 end_va = 0x77372fff monitored = 0 entry_point = 0x772bc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1292 start_va = 0x758f0000 end_va = 0x758fefff monitored = 0 entry_point = 0x758f4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1294 start_va = 0x77230000 end_va = 0x7728bfff monitored = 0 entry_point = 0x77260900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1295 start_va = 0x74f60000 end_va = 0x7516ffff monitored = 0 entry_point = 0x74fe4d70 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2\\comctl32.dll") Region: id = 1296 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1297 start_va = 0x3b0000 end_va = 0x3b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003b0000" filename = "" Region: id = 1298 start_va = 0x2510000 end_va = 0x26bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 1299 start_va = 0x3a0000 end_va = 0x3a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 1300 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 1301 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1302 start_va = 0x2360000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 1303 start_va = 0x2500000 end_va = 0x250ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1304 start_va = 0x76090000 end_va = 0x76636fff monitored = 0 entry_point = 0x76209e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1305 start_va = 0x2460000 end_va = 0x24dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1306 start_va = 0x75dd0000 end_va = 0x75ea1fff monitored = 0 entry_point = 0x75e1d9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1307 start_va = 0x76bd0000 end_va = 0x76c14fff monitored = 0 entry_point = 0x76be7870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1308 start_va = 0x76640000 end_va = 0x766c6fff monitored = 0 entry_point = 0x76682d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1309 start_va = 0x70270000 end_va = 0x703dffff monitored = 0 entry_point = 0x702f1390 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1310 start_va = 0x3e0000 end_va = 0x3fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 1311 start_va = 0x740000 end_va = 0x75bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1312 start_va = 0x2510000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002510000" filename = "" Region: id = 1313 start_va = 0x26b0000 end_va = 0x26bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026b0000" filename = "" Region: id = 1314 start_va = 0x2510000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002510000" filename = "" Region: id = 1315 start_va = 0x2520000 end_va = 0x252ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002520000" filename = "" Region: id = 1316 start_va = 0x2530000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002530000" filename = "" Region: id = 1318 start_va = 0x760000 end_va = 0x760fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1393 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1394 start_va = 0x2540000 end_va = 0x2621fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002540000" filename = "" Region: id = 1395 start_va = 0x740000 end_va = 0x743fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1396 start_va = 0x750000 end_va = 0x754fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1397 start_va = 0x770000 end_va = 0x773fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 1398 start_va = 0x26c0000 end_va = 0x27c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026c0000" filename = "" Region: id = 1399 start_va = 0x26c0000 end_va = 0x2bb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1400 start_va = 0x24e0000 end_va = 0x24fbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 1401 start_va = 0x2630000 end_va = 0x2630fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002630000" filename = "" Region: id = 1402 start_va = 0x77c90000 end_va = 0x77d0dfff monitored = 0 entry_point = 0x77cfbd50 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1403 start_va = 0x2640000 end_va = 0x2640fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002640000" filename = "" Region: id = 1405 start_va = 0x2650000 end_va = 0x2651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002650000" filename = "" Region: id = 1406 start_va = 0x701e0000 end_va = 0x70261fff monitored = 0 entry_point = 0x701fb5b0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 1407 start_va = 0x2660000 end_va = 0x2666fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 1413 start_va = 0x2bc0000 end_va = 0x3e1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1414 start_va = 0x70140000 end_va = 0x701d4fff monitored = 0 entry_point = 0x701cfe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 1415 start_va = 0x3e20000 end_va = 0x402ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1417 start_va = 0x3e20000 end_va = 0x3f29fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1418 start_va = 0x2670000 end_va = 0x2670fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 1419 start_va = 0x70810000 end_va = 0x708c8fff monitored = 0 entry_point = 0x7084fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 1420 start_va = 0x70590000 end_va = 0x7080dfff monitored = 0 entry_point = 0x705ee8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 1421 start_va = 0x704f0000 end_va = 0x7058afff monitored = 0 entry_point = 0x70550d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 1422 start_va = 0x704c0000 end_va = 0x704e8fff monitored = 0 entry_point = 0x704c7e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1423 start_va = 0x766d0000 end_va = 0x76732fff monitored = 0 entry_point = 0x766d4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1424 start_va = 0x71ce0000 end_va = 0x71dbcfff monitored = 0 entry_point = 0x71d57530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1425 start_va = 0x2670000 end_va = 0x2673fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 1426 start_va = 0x2680000 end_va = 0x2690fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1427 start_va = 0x3e20000 end_va = 0x4022fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1428 start_va = 0x3e20000 end_va = 0x3f28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1429 start_va = 0x3e20000 end_va = 0x3f2efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1432 start_va = 0x3e20000 end_va = 0x3f28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e20000" filename = "" Region: id = 1433 start_va = 0x26a0000 end_va = 0x26a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026a0000" filename = "" Region: id = 1434 start_va = 0x733d0000 end_va = 0x739d2fff monitored = 0 entry_point = 0x735aae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1435 start_va = 0x733a0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x733a8580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 1436 start_va = 0x71e80000 end_va = 0x71f41fff monitored = 0 entry_point = 0x71ee09b0 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1437 start_va = 0x3e20000 end_va = 0x3e23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1438 start_va = 0x3e30000 end_va = 0x3e78fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 1439 start_va = 0x3e80000 end_va = 0x3e83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1440 start_va = 0x3e90000 end_va = 0x3f2bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1441 start_va = 0x3f30000 end_va = 0x3f3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1442 start_va = 0x3f40000 end_va = 0x3f43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1443 start_va = 0x3f50000 end_va = 0x3f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db") Region: id = 1444 start_va = 0x3f40000 end_va = 0x3f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f40000" filename = "" Region: id = 1445 start_va = 0x72f20000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72f2a250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1446 start_va = 0x3f70000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f70000" filename = "" Region: id = 1447 start_va = 0x3fb0000 end_va = 0x40affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fb0000" filename = "" Region: id = 1448 start_va = 0x777a0000 end_va = 0x777dafff monitored = 0 entry_point = 0x777ad450 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1449 start_va = 0x71e60000 end_va = 0x71e7afff monitored = 0 entry_point = 0x71e647c0 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1450 start_va = 0x40b0000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 1451 start_va = 0x40f0000 end_va = 0x41effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 1453 start_va = 0x41f0000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 1454 start_va = 0x4230000 end_va = 0x432ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004230000" filename = "" Region: id = 1455 start_va = 0x4330000 end_va = 0x436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 1456 start_va = 0x4370000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 1457 start_va = 0x4470000 end_va = 0x4471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004470000" filename = "" Region: id = 1459 start_va = 0x4480000 end_va = 0x4480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 1460 start_va = 0x4490000 end_va = 0x4490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004490000" filename = "" Region: id = 1461 start_va = 0x71dc0000 end_va = 0x71e52fff monitored = 0 entry_point = 0x71e3cac0 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\syswow64\\windows.staterepositoryps.dll") Region: id = 1462 start_va = 0x739e0000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73a61b70 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1463 start_va = 0x75950000 end_va = 0x75b79fff monitored = 0 entry_point = 0x75b094e0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1464 start_va = 0x4470000 end_va = 0x4470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004470000" filename = "" Region: id = 1465 start_va = 0x71c70000 end_va = 0x71cdffff monitored = 0 entry_point = 0x71cc7c50 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\SysWOW64\\AppResolver.dll" (normalized: "c:\\windows\\syswow64\\appresolver.dll") Region: id = 1466 start_va = 0x71c20000 end_va = 0x71c67fff monitored = 0 entry_point = 0x71c3ea70 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 1467 start_va = 0x71c00000 end_va = 0x71c1efff monitored = 0 entry_point = 0x71c02200 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 1468 start_va = 0x75280000 end_va = 0x752a4fff monitored = 0 entry_point = 0x75288820 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1469 start_va = 0x71be0000 end_va = 0x71bfbfff monitored = 0 entry_point = 0x71be7970 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 1470 start_va = 0x44a0000 end_va = 0x44a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1471 start_va = 0x44b0000 end_va = 0x44c1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db") Region: id = 1472 start_va = 0x44d0000 end_va = 0x44d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1473 start_va = 0x71ba0000 end_va = 0x71bdcfff monitored = 0 entry_point = 0x71bd0280 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecorecommonproxystub.dll") Region: id = 1474 start_va = 0x71800000 end_va = 0x71b9cfff monitored = 0 entry_point = 0x71b179e0 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecoreuapcommonproxystub.dll") Region: id = 1491 start_va = 0x70120000 end_va = 0x70130fff monitored = 0 entry_point = 0x701258f0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 1492 start_va = 0x70100000 end_va = 0x70118fff monitored = 0 entry_point = 0x70103540 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 1886 start_va = 0x24e0000 end_va = 0x24e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1887 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 1889 start_va = 0x24f0000 end_va = 0x24f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 1891 start_va = 0x75b80000 end_va = 0x75c1efff monitored = 0 entry_point = 0x75bb85c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1892 start_va = 0x70030000 end_va = 0x7008bfff monitored = 0 entry_point = 0x7003b7d0 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 1893 start_va = 0x70010000 end_va = 0x7002cfff monitored = 0 entry_point = 0x70014cb0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 1895 start_va = 0x70000000 end_va = 0x7000dfff monitored = 0 entry_point = 0x70003f20 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 1896 start_va = 0x24f0000 end_va = 0x24f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000024f0000" filename = "" Region: id = 1897 start_va = 0x75170000 end_va = 0x7517afff monitored = 0 entry_point = 0x75172d00 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 1898 start_va = 0x26c0000 end_va = 0x26c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1899 start_va = 0x26c0000 end_va = 0x26c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1901 start_va = 0x26c0000 end_va = 0x26c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1903 start_va = 0x76b70000 end_va = 0x76bcdfff monitored = 0 entry_point = 0x76b9fe90 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 1904 start_va = 0x26c0000 end_va = 0x26c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Region: id = 1906 start_va = 0x6fff0000 end_va = 0x6fffafff monitored = 0 entry_point = 0x6fff26a0 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 1910 start_va = 0x26c0000 end_va = 0x26c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026c0000" filename = "" Thread: id = 78 os_tid = 0x7cc [0217.271] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0217.272] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0217.469] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x19f518, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0217.469] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f794 | out: lpCharType=0x19f794) returned 1 [0217.469] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0217.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x19f4c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0217.470] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0217.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2b8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0217.470] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fc94, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", lpUsedDefaultChar=0x0) returned 256 [0217.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0217.470] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", cbMultiByte=256, lpWideCharStr=0x19f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0217.470] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0217.471] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0217.471] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fb94, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿeØJëÐþ\x19", lpUsedDefaultChar=0x0) returned 256 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x788b48 [0217.471] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x214160, nSize=0x104 | out: lpFilename="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe")) returned 0x2d [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x36) returned 0x785240 [0217.471] RtlInitializeSListHead (in: ListHead=0x213d68 | out: ListHead=0x213d68) [0217.471] GetLastError () returned 0x0 [0217.471] SetLastError (dwErrCode=0x0) [0217.471] GetEnvironmentStringsW () returned 0x7923a8* [0217.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1566 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x61e) returned 0x792ff0 [0217.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1566, lpMultiByteStr=0x792ff0, cbMultiByte=1566, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1566 [0217.471] FreeEnvironmentStringsW (penv=0x7923a8) returned 1 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x9c) returned 0x788f38 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1f) returned 0x785280 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x2b) returned 0x78aee8 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x2c) returned 0x78af20 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x37) returned 0x7842d0 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x3c) returned 0x7939a0 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x31) returned 0x7847f8 [0217.471] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x18) returned 0x784310 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x24) returned 0x784838 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x32) returned 0x784fe8 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xd) returned 0x788398 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1a) returned 0x785028 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x2e) returned 0x78ad28 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x19) returned 0x7804c8 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x17) returned 0x7804f0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x25) returned 0x780510 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xe) returned 0x7883b0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xf6) returned 0x784070 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x3e) returned 0x7937f0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1b) returned 0x784170 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1d) returned 0x785080 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x48) returned 0x7850a8 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x12) returned 0x784638 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x18) returned 0x792650 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1b) returned 0x784658 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x24) returned 0x784680 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x29) returned 0x78aeb0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1e) returned 0x784370 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x6b) returned 0x783c78 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x17) returned 0x792590 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xf) returned 0x7883c8 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x16) returned 0x792730 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x2a) returned 0x78af58 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x29) returned 0x78add0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x16) returned 0x792690 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x25) returned 0x792b68 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x13) returned 0x792670 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x1f) returned 0x792eb0 [0217.472] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x12) returned 0x792750 [0217.473] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x792ff0 | out: hHeap=0x780000) returned 1 [0217.473] QueryPerformanceFrequency (in: lpFrequency=0x19ff10 | out: lpFrequency=0x19ff10*=100000000) returned 1 [0217.473] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff08 | out: lpPerformanceCount=0x19ff08*=2718522657982) returned 1 [0217.474] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x800) returned 0x793e20 [0217.474] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0217.474] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x1d0bb0) returned 0x0 [0217.475] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x19fefc | out: lpCPInfo=0x19fefc) returned 1 [0217.563] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x794628 [0217.565] GetCurrentProcess () returned 0xffffffff [0217.565] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc | out: lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc) returned 1 [0217.566] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x794a30 [0217.566] GetCurrentProcess () returned 0xffffffff [0217.566] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc | out: lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc) returned 1 [0217.567] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x794e38 [0217.568] GetStartupInfoW (in: lpStartupInfo=0x19fef0 | out: lpStartupInfo=0x19fef0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0217.571] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0217.571] GetProcAddress (hModule=0x75ce0000, lpProcName="SetDllDirectoryW") returned 0x75d01f50 [0217.574] SetDllDirectoryW (lpPathName="") returned 1 [0217.574] GetProcAddress (hModule=0x75ce0000, lpProcName="SetDefaultDllDirectories") returned 0x7772f4f0 [0217.575] SetDefaultDllDirectories (DirectoryFlags=0x800) returned 1 [0217.575] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x194d6c, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe")) returned 0x2d [0217.575] GetVersionExW (in: lpVersionInformation=0x19493c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x1c1be5, dwMinorVersion=0x782b58, dwBuildNumber=0x9, dwPlatformId=0x0, szCSDVersion="睲⻸x䴈\x1e잀x") | out: lpVersionInformation=0x19493c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x4a61, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0217.575] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0217.576] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\version.dll") returned 0x752b0000 [0217.670] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="version.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0217.678] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0217.678] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\DXGIDebug.dll") returned 0x0 [0217.679] GetFileAttributesW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\DXGIDebug.dll" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\dxgidebug.dll")) returned 0xffffffff [0217.679] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0217.679] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\sfc_os.dll") returned 0x69630000 [0217.704] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="sfc_os.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0217.704] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0217.704] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\SSPICLI.DLL") returned 0x73c00000 [0217.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SSPICLI.DLL", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0217.711] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0217.711] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\rsaenh.dll") returned 0x716e0000 [0218.082] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="rsaenh.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0218.082] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0218.082] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\UXTheme.dll") returned 0x74e80000 [0218.087] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="UXTheme.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0218.087] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0218.087] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\dwmapi.dll") returned 0x711a0000 [0218.096] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="dwmapi.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0218.096] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0218.096] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\cryptbase.dll") returned 0x73b90000 [0218.099] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="cryptbase.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0218.099] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0x201890 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop") returned 0x1a [0218.100] GetSystemDirectoryW (in: lpBuffer=0x19ee04, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0218.100] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\riched20.dll") returned 0x695b0000 [0218.366] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0218.367] GetProcAddress (hModule=0x75ce0000, lpProcName="AcquireSRWLockExclusive") returned 0x77d8a150 [0218.367] GetProcAddress (hModule=0x75ce0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77d8a2f0 [0218.367] VirtualQuery (in: lpAddress=0x215000, lpBuffer=0x19fd64, dwLength=0x1c | out: lpBuffer=0x19fd64*(BaseAddress=0x215000, AllocationBase=0x1b0000, AllocationProtect=0x80, RegionSize=0x14000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0218.367] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.367] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x77290000 [0218.378] GetProcAddress (hModule=0x77290000, lpProcName="OleInitialize") returned 0x772b3740 [0218.378] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0218.379] OleInitialize (pvReserved=0x0) returned 0x0 [0218.760] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.760] LoadLibraryExA (lpLibFileName="COMCTL32.dll", hFile=0x0, dwFlags=0x0) returned 0x74f60000 [0218.877] GetProcAddress (hModule=0x74f60000, lpProcName="InitCommonControlsEx") returned 0x74fb2c50 [0218.878] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0218.878] InitCommonControlsEx (picce=0x19fe28) returned 1 [0218.882] GdiplusStartup (in: token=0x19fe30, input=0x19fe18, output=0x0 | out: token=0x19fe30, output=0x0) returned 0x0 [0218.895] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.895] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76090000 [0218.904] GetProcAddress (hModule=0x76090000, lpProcName="SHGetMalloc") returned 0x76205f60 [0218.905] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0218.905] SHGetMalloc (in: ppMalloc=0x1fa460 | out: ppMalloc=0x1fa460*=0x77a1fec4) returned 0x0 [0218.907] GetCommandLineW () returned="\"C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe\" " [0218.908] SetEnvironmentVariableW (lpName="sfxcmd", lpValue="\"C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe\" ") returned 1 [0218.908] SetEnvironmentVariableW (lpName="sfxpar", lpValue="") returned 1 [0218.908] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x210cc0, nSize=0x800 | out: lpFilename="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe")) returned 0x2d [0218.908] SetEnvironmentVariableW (lpName="sfxname", lpValue="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe") returned 1 [0218.908] GetLocalTime (in: lpSystemTime=0x19fe4c | out: lpSystemTime=0x19fe4c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2, wMilliseconds=0x2e4)) [0218.908] GetLastError () returned 0x0 [0218.909] SetLastError (dwErrCode=0x0) [0218.909] SetEnvironmentVariableW (lpName="sfxstime", lpValue="2024-04-06-11-40-02-740") returned 1 [0218.909] GetModuleHandleW (lpModuleName=0x0) returned 0x1b0000 [0218.909] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.909] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x769d0000 [0218.909] GetProcAddress (hModule=0x769d0000, lpProcName="LoadIconW") returned 0x76a0d0d0 [0218.909] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdcc | out: lpflOldProtect=0x19fdcc*=0x4) returned 1 [0218.910] LoadIconW (hInstance=0x1b0000, lpIconName=0x64) returned 0x11029d [0218.913] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.914] GetProcAddress (hModule=0x769d0000, lpProcName="LoadBitmapW") returned 0x769f8430 [0218.914] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0218.915] LoadBitmapW (hInstance=0x1b0000, lpBitmapName=0x65) returned 0x0 [0218.915] FindResourceW (hModule=0x1b0000, lpName=0x65, lpType="PNG") returned 0x216420 [0218.915] SizeofResource (hModule=0x1b0000, hResInfo=0x216420) returned 0xb45 [0218.915] LoadResource (hModule=0x1b0000, hResInfo=0x216420) returned 0x216674 [0218.915] LockResource (hResData=0x216674) returned 0x216674 [0218.918] GlobalLock (hMem=0x2460004) returned 0x780af0 [0218.918] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0218.919] GetProcAddress (hModule=0x77290000, lpProcName="CreateStreamOnHGlobal") returned 0x7786c4d0 [0218.919] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd80 | out: lpflOldProtect=0x19fd80*=0x4) returned 1 [0218.996] CreateStreamOnHGlobal (in: hGlobal=0x2460004, fDeleteOnRelease=0, ppstm=0x19fe04 | out: ppstm=0x19fe04*=0x792c30) returned 0x0 [0218.997] GdipAlloc (size=0x10) returned 0x26b12b0 [0218.998] GdipCreateBitmapFromStream (stream=0x792c30, bitmap=0x19fdcc) returned 0x0 [0219.102] IUnknown:Release (This=0x792c30) returned 0x2 [0219.102] GdipCreateHBITMAPFromBitmap (bitmap=0x26b12c8, hbmReturn=0x19fe08, background=0xffffff) returned 0x0 [0219.268] GdipDisposeImage (image=0x26b12c8) returned 0x0 [0219.268] GdipFree (ptr=0x26b12b0) [0219.268] GlobalUnlock (hMem=0x2460004) returned 0 [0219.270] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.271] LoadLibraryExA (lpLibFileName="GDI32.dll", hFile=0x0, dwFlags=0x0) returned 0x767c0000 [0219.271] GetProcAddress (hModule=0x767c0000, lpProcName="GetObjectW") returned 0x767c6ca0 [0219.271] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda0 | out: lpflOldProtect=0x19fda0*=0x4) returned 1 [0219.272] GetObjectW (in: h=0x2b0505ad, c=24, pv=0x19fe1c | out: pv=0x19fe1c) returned 24 [0219.272] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.273] GetProcAddress (hModule=0x769d0000, lpProcName="GetDC") returned 0x76a0b780 [0219.273] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd94 | out: lpflOldProtect=0x19fd94*=0x4) returned 1 [0219.274] GetDC (hWnd=0x0) returned 0x1e0106ec [0219.274] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.275] GetProcAddress (hModule=0x767c0000, lpProcName="GetDeviceCaps") returned 0x767c5f10 [0219.275] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd90 | out: lpflOldProtect=0x19fd90*=0x4) returned 1 [0219.276] GetDeviceCaps (hdc=0x1e0106ec, index=88) returned 96 [0219.276] GetDeviceCaps (hdc=0x1e0106ec, index=90) returned 96 [0219.276] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.277] GetProcAddress (hModule=0x769d0000, lpProcName="ReleaseDC") returned 0x76a0b120 [0219.277] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd90 | out: lpflOldProtect=0x19fd90*=0x4) returned 1 [0219.277] ReleaseDC (hWnd=0x0, hDC=0x1e0106ec) returned 1 [0219.278] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x238 [0219.278] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x79f7c8 [0219.278] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x80) returned 0x79f258 [0219.278] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x79f7c8, Size=0x120) returned 0x780af0 [0219.278] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x79f258, Size=0x120) returned 0x780c18 [0219.278] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x780af0, Size=0x1e8) returned 0x780d40 [0219.278] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x780c18, Size=0x1e8) returned 0x780f30 [0219.279] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x0 [0219.279] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.280] SetFilePointer (in: hFile=0x238, lDistanceToMove=8176, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1ff0 [0219.280] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1ff0 [0219.280] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=16352, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3fe0 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3fe0 [0219.281] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=24528, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x5fd0 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x5fd0 [0219.281] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=32704, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x7fc0 [0219.281] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x7fc0 [0219.281] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=40880, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x9fb0 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x9fb0 [0219.282] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=49056, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xbfa0 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xbfa0 [0219.282] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=57232, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xdf90 [0219.282] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xdf90 [0219.282] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=65408, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xff80 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xff80 [0219.283] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=73584, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x11f70 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x11f70 [0219.283] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=81760, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x13f60 [0219.283] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x13f60 [0219.283] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=89936, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x15f50 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x15f50 [0219.284] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=98112, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x17f40 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x17f40 [0219.284] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=106288, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x19f30 [0219.284] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x19f30 [0219.285] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=114464, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1bf20 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1bf20 [0219.285] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=122640, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1df10 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1df10 [0219.285] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=130816, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1ff00 [0219.285] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1ff00 [0219.285] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=138992, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x21ef0 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x21ef0 [0219.286] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=147168, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x23ee0 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x23ee0 [0219.286] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=155344, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x25ed0 [0219.286] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x25ed0 [0219.287] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=163520, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x27ec0 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x27ec0 [0219.287] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=171696, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x29eb0 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x29eb0 [0219.287] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=179872, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2bea0 [0219.287] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2bea0 [0219.288] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.288] SetFilePointer (in: hFile=0x238, lDistanceToMove=188048, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2de90 [0219.288] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2de90 [0219.288] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.288] SetFilePointer (in: hFile=0x238, lDistanceToMove=196224, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2fe80 [0219.288] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2fe80 [0219.288] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.288] SetFilePointer (in: hFile=0x238, lDistanceToMove=204400, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x31e70 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x31e70 [0219.289] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=212576, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x33e60 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x33e60 [0219.289] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=220752, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x35e50 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x35e50 [0219.289] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.289] SetFilePointer (in: hFile=0x238, lDistanceToMove=228928, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x37e40 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x37e40 [0219.290] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=237104, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x39e30 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x39e30 [0219.290] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=245280, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3be20 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3be20 [0219.290] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=253456, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3de10 [0219.290] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3de10 [0219.290] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.291] SetFilePointer (in: hFile=0x238, lDistanceToMove=261632, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3fe00 [0219.291] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3fe00 [0219.291] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=269808, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x41df0 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x41df0 [0219.292] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=277984, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x43de0 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x43de0 [0219.292] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=286160, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x45dd0 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x45dd0 [0219.292] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=294336, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x47dc0 [0219.292] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x47dc0 [0219.292] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.313] SetFilePointer (in: hFile=0x238, lDistanceToMove=302512, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x49db0 [0219.313] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x49db0 [0219.313] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.313] SetFilePointer (in: hFile=0x238, lDistanceToMove=310688, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4bda0 [0219.313] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4bda0 [0219.314] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.314] SetFilePointer (in: hFile=0x238, lDistanceToMove=318864, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4dd90 [0219.314] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4dd90 [0219.314] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.314] SetFilePointer (in: hFile=0x238, lDistanceToMove=327040, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4fd80 [0219.314] SetFilePointer (in: hFile=0x238, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4fd80 [0219.314] ReadFile (in: hFile=0x238, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0219.314] CloseHandle (hObject=0x238) returned 1 [0219.315] GetModuleHandleW (lpModuleName=0x0) returned 0x1b0000 [0219.315] FindResourceW (hModule=0x1b0000, lpName="RTL", lpType=0x5) returned 0x0 [0219.315] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x795d70 [0219.315] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc) returned 0x795c20 [0219.315] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.316] GetProcAddress (hModule=0x769d0000, lpProcName="DialogBoxParamW") returned 0x76a2b380 [0219.316] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdc0 | out: lpflOldProtect=0x19fdc0*=0x4) returned 1 [0219.316] DialogBoxParamW (hInstance=0x1b0000, lpTemplateName="STARTDLG", hWndParent=0x0, lpDialogFunc=0x1cc9d0, dwInitParam=0x0) returned 0x1 [0219.681] GetLastError () returned 0x0 [0219.681] SetLastError (dwErrCode=0x0) [0219.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:", cchWideChar=-1, lpMultiByteStr=0x1907dc, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:", lpUsedDefaultChar=0x0) returned 11 [0219.681] GetLastError () returned 0x0 [0219.681] SetLastError (dwErrCode=0x0) [0219.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:SIZE", cchWideChar=-1, lpMultiByteStr=0x1902fc, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:SIZE", lpUsedDefaultChar=0x0) returned 15 [0219.681] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.682] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindowRect") returned 0x76a01b80 [0219.683] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0219.683] GetWindowRect (in: hWnd=0x701f4, lpRect=0x1907a8 | out: lpRect=0x1907a8) returned 1 [0219.683] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.684] GetProcAddress (hModule=0x769d0000, lpProcName="GetClientRect") returned 0x76a01e00 [0219.684] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0219.684] GetClientRect (in: hWnd=0x701f4, lpRect=0x1907cc | out: lpRect=0x1907cc) returned 1 [0219.684] GetLastError () returned 0x0 [0219.684] SetLastError (dwErrCode=0x0) [0219.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:CAPTION", cchWideChar=-1, lpMultiByteStr=0x190714, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:CAPTION", lpUsedDefaultChar=0x0) returned 18 [0219.684] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.685] GetProcAddress (hModule=0x769d0000, lpProcName="GetSystemMetrics") returned 0x76a01aa0 [0219.685] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190710 | out: lpflOldProtect=0x190710*=0x4) returned 1 [0219.685] GetSystemMetrics (nIndex=8) returned 3 [0219.685] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.687] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindow") returned 0x76a08b50 [0219.687] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0219.688] GetWindow (hWnd=0x701f4, uCmd=0x5) returned 0xb01e8 [0219.688] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.688] GetProcAddress (hModule=0x769d0000, lpProcName="SendMessageW") returned 0x76a02680 [0219.688] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191088 | out: lpflOldProtect=0x191088*=0x4) returned 1 [0219.689] SendMessageW (hWnd=0x701f4, Msg=0x80, wParam=0x1, lParam=0x11029d) returned 0x0 [0219.696] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.697] GetProcAddress (hModule=0x769d0000, lpProcName="SendDlgItemMessageW") returned 0x76a078d0 [0219.697] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191084 | out: lpflOldProtect=0x191084*=0x4) returned 1 [0219.697] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=108, Msg=0x172, wParam=0x0, lParam=0x2b0505ad) returned 0x0 [0219.704] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.704] GetProcAddress (hModule=0x769d0000, lpProcName="GetDlgItem") returned 0x76a05e40 [0219.705] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191090 | out: lpflOldProtect=0x191090*=0x4) returned 1 [0219.705] GetDlgItem (hDlg=0x701f4, nIDDlgItem=104) returned 0x70048 [0219.705] SendMessageW (hWnd=0x70048, Msg=0x435, wParam=0x0, lParam=0x400000) returned 0x0 [0219.705] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0x19e544 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Desktop") returned 0x1a [0219.705] GetDlgItem (hDlg=0x701f4, nIDDlgItem=102) returned 0x9006c [0219.705] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.706] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowTextW") returned 0x76a073a0 [0219.706] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191090 | out: lpflOldProtect=0x191090*=0x4) returned 1 [0219.706] SetWindowTextW (hWnd=0x9006c, lpString="C:\\Users\\OqXZRaykm\\Desktop") returned 1 [0219.707] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.707] GetProcAddress (hModule=0x769d0000, lpProcName="GetClassNameW") returned 0x76a0bdf0 [0219.707] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fdc | out: lpflOldProtect=0x190fdc*=0x4) returned 1 [0219.708] GetClassNameW (in: hWnd=0x9006c, lpClassName=0x191054, nMaxCount=80 | out: lpClassName="ComboBox") returned 8 [0219.708] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="ComboBox", cchCount1=-1, lpString2="EDIT", cchCount2=-1) returned 1 [0219.708] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.708] GetProcAddress (hModule=0x769d0000, lpProcName="FindWindowExW") returned 0x769f7eb0 [0219.708] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fd4 | out: lpflOldProtect=0x190fd4*=0x4) returned 1 [0219.709] FindWindowExW (hWndParent=0x9006c, hWndChildAfter=0x0, lpszClass="EDIT", lpszWindow=0x0) returned 0xa0052 [0219.709] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0219.709] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x76bd0000 [0219.710] GetProcAddress (hModule=0x76bd0000, lpProcName="SHAutoComplete") returned 0x76bf54a0 [0219.710] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fe0 | out: lpflOldProtect=0x190fe0*=0x4) returned 1 [0219.712] SHAutoComplete (hwndEdit=0xa0052, dwFlags=0x10) returned 0x0 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bb358 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bb760 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bbb68 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bbf70 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bc378 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bc780 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bcb88 [0220.652] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bcf90 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7bd398 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7bdcd0 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7be0d8 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7be4e0 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3ca0 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2878 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c4cc0 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c44b0 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c40a8 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7c5c40 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3898 [0220.653] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c48b8 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2c80 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3088 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2068 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c50c8 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c54d0 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3490 [0220.654] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb3f0) returned 0x7c6578 [0220.655] GetCurrentProcess () returned 0xffffffff [0220.655] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c | out: lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c) returned 1 [0220.655] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2470 [0220.655] GetCurrentProcess () returned 0xffffffff [0220.655] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c | out: lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c) returned 1 [0220.656] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x2b0 [0220.656] ReadFile (in: hFile=0x2b0, lpBuffer=0x18b7c8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7c8*, lpNumberOfBytesRead=0x189c9c*=0x7, lpOverlapped=0x0) returned 1 [0220.656] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x200000) returned 0x3e2e020 [0220.657] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cd0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cd0*=0) returned 0x7 [0220.657] ReadFile (in: hFile=0x2b0, lpBuffer=0x3e2e020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x3e2e020*, lpNumberOfBytesRead=0x189c9c*=0x1bd73b, lpOverlapped=0x0) returned 1 [0220.807] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334336, lpDistanceToMoveHigh=0x188cac*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cac*=0) returned 0x51a00 [0220.807] ReadFile (in: hFile=0x2b0, lpBuffer=0x18b7c8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7c8*, lpNumberOfBytesRead=0x189c9c*=0x7, lpOverlapped=0x0) returned 1 [0220.826] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e2e020 | out: hHeap=0x780000) returned 1 [0220.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x18b7cf, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7cf*, lpNumberOfBytesRead=0x189c9c*=0x1, lpOverlapped=0x0) returned 1 [0220.863] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x51a08 [0220.863] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b25c0 [0220.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b25c0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x7b25c0*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0220.863] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b25c7, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x7b25c7*, lpNumberOfBytesRead=0x187b88*=0xa, lpOverlapped=0x0) returned 1 [0220.864] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b25c0 | out: hHeap=0x780000) returned 1 [0220.864] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334361, lpDistanceToMoveHigh=0x188ca0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188ca0*=0) returned 0x51a19 [0220.864] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cd0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cd0*=0) returned 0x51a19 [0220.864] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x51a19 [0220.864] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b24d0 [0220.864] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b24d0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x7b24d0*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0220.865] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b24d7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x7b24d7*, lpNumberOfBytesRead=0x187b88*=0x11, lpOverlapped=0x0) returned 1 [0220.865] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b24d0 | out: hHeap=0x780000) returned 1 [0220.865] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334535, lpDistanceToMoveHigh=0x188ca0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188ca0*=0) returned 0x51ac7 [0220.866] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x51ac7 [0220.866] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b25c0 [0220.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b25c0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x7b25c0*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0220.866] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7b25c0, Size=0x48) returned 0x79b1f0 [0220.866] ReadFile (in: hFile=0x2b0, lpBuffer=0x79b1f7, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x79b1f7*, lpNumberOfBytesRead=0x187b88*=0x28, lpOverlapped=0x0) returned 1 [0220.866] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x79b1f0 | out: hHeap=0x780000) returned 1 [0220.866] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334361, lpDistanceToMoveHigh=0x188cac*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cac*=0) returned 0x51a19 [0220.866] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189d10*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189d10*=0) returned 0x51a19 [0220.866] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334361, lpDistanceToMoveHigh=0x188cd8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cd8*=0) returned 0x51a19 [0220.867] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cdc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cdc*=0) returned 0x51a19 [0220.867] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b23b8 [0220.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b23b8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187ba0, lpOverlapped=0x0 | out: lpBuffer=0x7b23b8*, lpNumberOfBytesRead=0x187ba0*=0x7, lpOverlapped=0x0) returned 1 [0220.867] ReadFile (in: hFile=0x2b0, lpBuffer=0x7b23bf, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x187ba0, lpOverlapped=0x0 | out: lpBuffer=0x7b23bf*, lpNumberOfBytesRead=0x187ba0*=0x11, lpOverlapped=0x0) returned 1 [0220.868] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b23b8 | out: hHeap=0x780000) returned 1 [0220.869] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x7d1970 [0220.871] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x7d9980 [0220.872] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40000) returned 0x7e1990 [0220.881] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x7be8e8 [0220.881] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb54) returned 0x821998 [0220.881] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x100000) returned 0x3e28020 [0220.882] ReadFile (in: hFile=0x2b0, lpBuffer=0x3e28020, nNumberOfBytesToRead=0x96, lpNumberOfBytesRead=0x17b534, lpOverlapped=0x0 | out: lpBuffer=0x3e28020*, lpNumberOfBytesRead=0x17b534*=0x96, lpOverlapped=0x0) returned 1 [0220.883] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0220.883] GetProcAddress (hModule=0x769d0000, lpProcName="PeekMessageW") returned 0x76a082a0 [0220.884] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4c4 | out: lpflOldProtect=0x17b4c4*=0x4) returned 1 [0220.884] PeekMessageW (in: lpMsg=0x17b544, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b544) returned 1 [0220.884] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0220.885] GetProcAddress (hModule=0x769d0000, lpProcName="GetMessageW") returned 0x76a08230 [0220.885] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4c8 | out: lpflOldProtect=0x17b4c8*=0x4) returned 1 [0220.886] GetMessageW (in: lpMsg=0x17b544, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x17b544) returned 1 [0220.886] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0220.886] GetProcAddress (hModule=0x769d0000, lpProcName="IsDialogMessageW") returned 0x76a06890 [0220.887] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4d0 | out: lpflOldProtect=0x17b4d0*=0x4) returned 1 [0220.887] IsDialogMessageW (hDlg=0x701f4, lpMsg=0x17b544) returned 1 [0220.893] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0220.893] PeekMessageW (in: lpMsg=0x17b554, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b554) returned 1 [0220.893] GetMessageW (in: lpMsg=0x17b554, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x17b554) returned 1 [0220.893] IsDialogMessageW (hDlg=0x701f4, lpMsg=0x17b554) returned 0 [0220.894] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0220.894] GetProcAddress (hModule=0x769d0000, lpProcName="TranslateMessage") returned 0x76a07060 [0220.894] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4e4 | out: lpflOldProtect=0x17b4e4*=0x4) returned 1 [0220.895] TranslateMessage (lpMsg=0x17b554) returned 0 [0220.895] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0220.895] GetProcAddress (hModule=0x769d0000, lpProcName="DispatchMessageW") returned 0x76a027f0 [0220.896] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4e4 | out: lpflOldProtect=0x17b4e4*=0x4) returned 1 [0220.896] DispatchMessageW (lpMsg=0x17b554) returned 0x0 [0220.896] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0220.896] PeekMessageW (in: lpMsg=0x17b540, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b540) returned 0 [0220.896] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0220.904] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e28020 | out: hHeap=0x780000) returned 1 [0220.906] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7e1990 | out: hHeap=0x780000) returned 1 [0220.907] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d9980 | out: hHeap=0x780000) returned 1 [0220.977] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d1970 | out: hHeap=0x780000) returned 1 [0220.980] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7be8e8, Size=0xdb) returned 0x7be8e8 [0220.980] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x12e) returned 0x7be9d0 [0220.980] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be8e8 | out: hHeap=0x780000) returned 1 [0220.980] SetFilePointer (in: hFile=0x2b0, lDistanceToMove=334361, lpDistanceToMoveHigh=0x188cec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cec*=0) returned 0x51a19 [0220.981] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xc6) returned 0x7be8e8 [0220.981] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be9d0 | out: hHeap=0x780000) returned 1 [0220.981] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2470 | out: hHeap=0x780000) returned 1 [0220.982] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c6578 | out: hHeap=0x780000) returned 1 [0220.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c40a8 | out: hHeap=0x780000) returned 1 [0220.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c44b0 | out: hHeap=0x780000) returned 1 [0220.986] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c4cc0 | out: hHeap=0x780000) returned 1 [0220.987] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2878 | out: hHeap=0x780000) returned 1 [0220.987] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3ca0 | out: hHeap=0x780000) returned 1 [0220.987] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be4e0 | out: hHeap=0x780000) returned 1 [0220.988] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be0d8 | out: hHeap=0x780000) returned 1 [0220.988] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bdcd0 | out: hHeap=0x780000) returned 1 [0220.988] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bd398 | out: hHeap=0x780000) returned 1 [0220.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3490 | out: hHeap=0x780000) returned 1 [0220.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c54d0 | out: hHeap=0x780000) returned 1 [0220.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c50c8 | out: hHeap=0x780000) returned 1 [0220.989] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2068 | out: hHeap=0x780000) returned 1 [0220.990] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3088 | out: hHeap=0x780000) returned 1 [0220.990] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2c80 | out: hHeap=0x780000) returned 1 [0220.990] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c48b8 | out: hHeap=0x780000) returned 1 [0220.991] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3898 | out: hHeap=0x780000) returned 1 [0220.991] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c5c40 | out: hHeap=0x780000) returned 1 [0220.993] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x821998 | out: hHeap=0x780000) returned 1 [0220.993] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bcf90 | out: hHeap=0x780000) returned 1 [0220.994] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bcb88 | out: hHeap=0x780000) returned 1 [0220.994] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bc780 | out: hHeap=0x780000) returned 1 [0220.994] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bc378 | out: hHeap=0x780000) returned 1 [0220.995] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bbf70 | out: hHeap=0x780000) returned 1 [0220.995] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bbb68 | out: hHeap=0x780000) returned 1 [0220.996] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bb760 | out: hHeap=0x780000) returned 1 [0220.996] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bb358 | out: hHeap=0x780000) returned 1 [0220.996] CloseHandle (hObject=0x2b0) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0220.997] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.001] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.001] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.001] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.001] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.001] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.002] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x173830, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.002] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0221.003] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0221.004] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.004] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.005] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.006] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x173830, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0221.006] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.006] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.007] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.008] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x173830, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0221.008] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0221.009] GetTempPathW (in: nBufferLength=0x800, lpBuffer=0x189860 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0221.009] GetLastError () returned 0x0 [0221.009] SetLastError (dwErrCode=0x0) [0221.009] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0221.009] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0221.010] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.010] GetProcAddress (hModule=0x769d0000, lpProcName="SetDlgItemTextW") returned 0x769f89d0 [0221.010] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1757d8 | out: lpflOldProtect=0x1757d8*=0x4) returned 1 [0221.011] SetDlgItemTextW (hDlg=0x701f4, nIDDlgItem=102, lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 1 [0221.022] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0221.022] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.022] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.022] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.022] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.022] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0221.022] GetDlgItem (hDlg=0x701f4, nIDDlgItem=103) returned 0xa0050 [0221.022] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.023] GetProcAddress (hModule=0x769d0000, lpProcName="EnableWindow") returned 0x76a0c9d0 [0221.023] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191080 | out: lpflOldProtect=0x191080*=0x4) returned 1 [0221.023] EnableWindow (hWnd=0xa0050, bEnable=0) returned 0 [0221.024] GetDlgItem (hDlg=0x701f4, nIDDlgItem=102) returned 0x9006c [0221.024] EnableWindow (hWnd=0x9006c, bEnable=0) returned 0 [0221.029] SendMessageW (hWnd=0x701f4, Msg=0x111, wParam=0x1, lParam=0x0) returned 0x0 [0221.029] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.030] GetProcAddress (hModule=0x769d0000, lpProcName="GetDlgItemTextW") returned 0x769f8200 [0221.030] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824d8 | out: lpflOldProtect=0x1824d8*=0x4) returned 1 [0221.030] GetDlgItemTextW (in: hDlg=0x701f4, nIDDlgItem=102, lpString=0x18e994, cchMax=2048 | out: lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 0x2c [0221.031] GetDlgItem (hDlg=0x701f4, nIDDlgItem=104) returned 0x70048 [0221.031] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0221.031] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x1e45f4) returned 0x0 [0221.032] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.032] GetProcAddress (hModule=0x769d0000, lpProcName="SetFocus") returned 0x76a0ef80 [0221.033] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824e4 | out: lpflOldProtect=0x1824e4*=0x4) returned 1 [0221.033] SetFocus (hWnd=0x70048) returned 0x0 [0221.441] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.441] GetProcAddress (hModule=0x769d0000, lpProcName="LoadStringW") returned 0x76a0b980 [0221.441] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824b8 | out: lpflOldProtect=0x1824b8*=0x4) returned 1 [0221.442] LoadStringW (in: hInstance=0x1b0000, uID=0xba, lpBuffer=0x1f38e8, cchBufferMax=1024 | out: lpBuffer="Извлечение файлов во временную папку") returned 0x24 [0221.442] PeekMessageW (in: lpMsg=0x1824b4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1824b4) returned 1 [0221.442] GetMessageW (in: lpMsg=0x1824b4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x1824b4) returned 1 [0221.442] IsDialogMessageW (hDlg=0x701f4, lpMsg=0x1824b4) returned 0 [0221.442] TranslateMessage (lpMsg=0x1824b4) returned 0 [0221.442] DispatchMessageW (lpMsg=0x1824b4) returned 0x0 [0221.443] GetDlgItem (hDlg=0x701f4, nIDDlgItem=104) returned 0x70048 [0221.443] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.443] GetProcAddress (hModule=0x769d0000, lpProcName="ShowWindow") returned 0x76a0f1f0 [0221.443] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182468 | out: lpflOldProtect=0x182468*=0x4) returned 1 [0221.444] ShowWindow (hWnd=0x70048, nCmdShow=5) returned 1 [0221.444] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0221.445] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x1e45f4) returned 0x0 [0221.445] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x0 [0221.446] SendMessageW (hWnd=0x70048, Msg=0x43a, wParam=0x0, lParam=0x1824e8) returned 0xf800003f [0221.446] SendMessageW (hWnd=0x70048, Msg=0x444, wParam=0x1, lParam=0x1824e8) returned 0x1 [0221.446] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x1f38e8) returned 0x24 [0221.460] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x24 [0221.461] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x1e549c) returned 0x1 [0221.462] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0221.462] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0xffffffff [0221.463] GetCurrentProcess () returned 0xffffffff [0221.463] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.464] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ff0000 [0221.464] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0221.464] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182430 | out: lpflOldProtect=0x182430*=0x4) returned 1 [0221.465] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x1824a8 | out: TokenHandle=0x1824a8*=0x308) returned 1 [0221.465] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.465] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0221.465] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182428 | out: lpflOldProtect=0x182428*=0x4) returned 1 [0221.466] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1824ac | out: TokenInformation=0x0, ReturnLength=0x1824ac) returned 0 [0221.466] GetLastError () returned 0x7a [0221.466] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x24) returned 0x7bd9f0 [0221.516] GetTokenInformation (in: TokenHandle=0x308, TokenInformationClass=0x1, TokenInformation=0x7bd9f0, TokenInformationLength=0x24, ReturnLength=0x1824ac | out: TokenInformation=0x7bd9f0, ReturnLength=0x1824ac) returned 1 [0221.516] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.517] GetProcAddress (hModule=0x75ff0000, lpProcName="CopySid") returned 0x7600e140 [0221.517] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18242c | out: lpflOldProtect=0x18242c*=0x4) returned 1 [0221.517] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x1824bc, pSourceSid=0x7bd9f8*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xcc)) | out: pDestinationSid=0x1824bc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xcc))) returned 1 [0221.519] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bd9f0 | out: hHeap=0x780000) returned 1 [0221.519] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.519] GetProcAddress (hModule=0x75ff0000, lpProcName="SetEntriesInAclW") returned 0x7600f780 [0221.519] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18243c | out: lpflOldProtect=0x18243c*=0x4) returned 1 [0221.520] SetEntriesInAclW () returned 0x0 [0221.521] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.521] GetProcAddress (hModule=0x75ff0000, lpProcName="InitializeSecurityDescriptor") returned 0x7600e7e0 [0221.522] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182444 | out: lpflOldProtect=0x182444*=0x4) returned 1 [0221.522] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x182500, dwRevision=0x1 | out: pSecurityDescriptor=0x182500) returned 1 [0221.522] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.523] GetProcAddress (hModule=0x75ff0000, lpProcName="SetSecurityDescriptorDacl") returned 0x7600e640 [0221.523] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18243c | out: lpflOldProtect=0x18243c*=0x4) returned 1 [0221.523] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x182500, bDaclPresent=1, pDacl=0x7ac3d0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x182500) returned 1 [0221.523] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0"), lpSecurityAttributes=0x182534) returned 1 [0221.528] LocalFree (hMem=0x7ac3d0) returned 0x0 [0221.528] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0221.528] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0221.528] GetLastError () returned 0xb7 [0221.528] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpSecurityAttributes=0x0) returned 0 [0221.529] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm")) returned 0x10 [0221.530] GetLastError () returned 0xb7 [0221.530] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpSecurityAttributes=0x0) returned 0 [0221.530] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata")) returned 0x12 [0221.530] GetLastError () returned 0xb7 [0221.530] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0221.530] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local")) returned 0x10 [0221.530] GetLastError () returned 0xb7 [0221.530] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0221.530] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp")) returned 0x10 [0221.531] GetLastError () returned 0xb7 [0221.531] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0"), lpSecurityAttributes=0x0) returned 0 [0221.531] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0x10 [0221.531] GetLastError () returned 0xb7 [0221.531] GetLastError () returned 0xb7 [0221.531] SetCurrentDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 1 [0221.532] GetTickCount () returned 0x19c8af6 [0221.532] GetLastError () returned 0xb7 [0221.532] SetLastError (dwErrCode=0xb7) [0221.532] CreateFileW (lpFileName="__tmp_rar_sfx_access_check_27036406" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\__tmp_rar_sfx_access_check_27036406"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x84 [0221.540] CloseHandle (hObject=0x84) returned 1 [0221.540] DeleteFileW (lpFileName="__tmp_rar_sfx_access_check_27036406" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\__tmp_rar_sfx_access_check_27036406")) returned 1 [0221.541] GetDlgItem (hDlg=0x701f4, nIDDlgItem=103) returned 0xa0050 [0221.541] ShowWindow (hWnd=0xa0050, nCmdShow=0) returned 1 [0221.541] GetDlgItem (hDlg=0x701f4, nIDDlgItem=102) returned 0x9006c [0221.541] ShowWindow (hWnd=0x9006c, nCmdShow=0) returned 1 [0221.542] LoadStringW (in: hInstance=0x1b0000, uID=0xe6, lpBuffer=0x1f40e8, cchBufferMax=1024 | out: lpBuffer="Приостановить") returned 0xd [0221.542] SetDlgItemTextW (hDlg=0x701f4, nIDDlgItem=1, lpString="Приостановить") returned 1 [0221.542] GetDlgItem (hDlg=0x701f4, nIDDlgItem=105) returned 0xe035c [0221.542] ShowWindow (hWnd=0xe035c, nCmdShow=9) returned 0 [0221.543] SetDlgItemTextW (hDlg=0x701f4, nIDDlgItem=101, lpString="") returned 1 [0221.543] GetDlgItem (hDlg=0x701f4, nIDDlgItem=101) returned 0x9007a [0221.543] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.544] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindowLongW") returned 0x76a05090 [0221.544] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824e0 | out: lpflOldProtect=0x1824e0*=0x4) returned 1 [0221.545] GetWindowLongW (hWnd=0x9007a, nIndex=-16) returned 1342341120 [0221.545] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0221.546] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowLongW") returned 0x76a02560 [0221.546] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824dc | out: lpflOldProtect=0x1824dc*=0x4) returned 1 [0221.546] SetWindowLongW (hWnd=0x9007a, nIndex=-16, dwNewLong=1342341248) returned 1342341120 [0221.549] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.549] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.549] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.549] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.549] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.550] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.551] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0221.551] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.551] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.552] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0221.553] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.553] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0221.554] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0221.554] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40) returned 0x799e00 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x5c) returned 0x7c7670 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7cd1a8 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c1c60 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2c80 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c40a8 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c4cc0 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c50c8 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2878 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c54d0 [0221.554] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2068 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7cdae0 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c2470 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3088 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3490 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3898 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c48b8 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c3ca0 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7c44b0 [0221.555] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d0078 [0221.556] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x2010) returned 0x7d6420 [0221.556] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xe6d0) returned 0x7d8438 [0221.556] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x7e6b10 [0221.557] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x7eeb20 [0221.559] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x338) returned 0x7f6b30 [0221.559] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=64, lpName=0x0) returned 0x84 [0221.559] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x310 [0221.559] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe"), lpFindFileData=0x17f118 | out: lpFindFileData=0x17f118*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5bfda288, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x5cecab51, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x5ce322d6, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x1bd742, dwReserved0=0x77d87f49, dwReserved1=0x0, cFileName="cfg.exe", cAlternateFileName="")) returned 0x7ca698 [0221.559] FindClose (in: hFindFile=0x7ca698 | out: hFindFile=0x7ca698) returned 1 [0221.559] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d1cb0 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d3cf0 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d28c8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d30d8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d20b8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7cf868 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d38e8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7cec50 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7f6e70 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d0c90 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d40f8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d18a8 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7cf058 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d4908 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d0480 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7cfc70 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7cf460 [0221.560] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x930) returned 0x7f77a8 [0221.638] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d2cd0 [0221.638] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7ce440 [0221.638] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d5928 [0221.639] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d5d30 [0221.639] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d34e0 [0221.639] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d0888 [0221.639] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d5118 [0221.639] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x400) returned 0x7d24c0 [0221.639] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\cfg.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\cfg.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x314 [0221.639] ReadFile (in: hFile=0x314, lpBuffer=0x177a30, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a30*, lpNumberOfBytesRead=0x175f14*=0x7, lpOverlapped=0x0) returned 1 [0221.640] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x200000) returned 0x3e21020 [0221.642] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f48*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f48*=0) returned 0x7 [0221.642] ReadFile (in: hFile=0x314, lpBuffer=0x3e21020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x3e21020*, lpNumberOfBytesRead=0x175f14*=0x1bd73b, lpOverlapped=0x0) returned 1 [0221.825] SetFilePointer (in: hFile=0x314, lDistanceToMove=334336, lpDistanceToMoveHigh=0x174f24*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f24*=0) returned 0x51a00 [0221.826] ReadFile (in: hFile=0x314, lpBuffer=0x177a30, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a30*, lpNumberOfBytesRead=0x175f14*=0x7, lpOverlapped=0x0) returned 1 [0221.842] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e21020 | out: hHeap=0x780000) returned 1 [0221.909] ReadFile (in: hFile=0x314, lpBuffer=0x177a37, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a37*, lpNumberOfBytesRead=0x175f14*=0x1, lpOverlapped=0x0) returned 1 [0221.909] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x51a08 [0221.909] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b24d0 [0221.909] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7b24d0*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0221.909] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d7, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7b24d7*, lpNumberOfBytesRead=0x173e00*=0xa, lpOverlapped=0x0) returned 1 [0221.910] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b24d0 | out: hHeap=0x780000) returned 1 [0221.910] SetFilePointer (in: hFile=0x314, lDistanceToMove=334361, lpDistanceToMoveHigh=0x174f18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f18*=0) returned 0x51a19 [0221.910] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f48*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f48*=0) returned 0x51a19 [0221.910] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x51a19 [0221.910] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b24d0 [0221.910] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7b24d0*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0221.910] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7b24d7*, lpNumberOfBytesRead=0x173e00*=0x11, lpOverlapped=0x0) returned 1 [0221.911] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b24d0 | out: hHeap=0x780000) returned 1 [0221.911] SetFilePointer (in: hFile=0x314, lDistanceToMove=334535, lpDistanceToMoveHigh=0x174f18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f18*=0) returned 0x51ac7 [0221.911] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x51ac7 [0221.911] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b24d0 [0221.911] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7b24d0*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0221.911] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7b24d0, Size=0x48) returned 0x7bc9a8 [0221.911] ReadFile (in: hFile=0x314, lpBuffer=0x7bc9af, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x7bc9af*, lpNumberOfBytesRead=0x173e00*=0x28, lpOverlapped=0x0) returned 1 [0221.912] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bc9a8 | out: hHeap=0x780000) returned 1 [0221.912] SetFilePointer (in: hFile=0x314, lDistanceToMove=334361, lpDistanceToMoveHigh=0x174f24*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f24*=0) returned 0x51a19 [0221.912] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f54*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f54*=0) returned 0x51a19 [0221.912] SetFilePointer (in: hFile=0x314, lDistanceToMove=334361, lpDistanceToMoveHigh=0x174f1c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f1c*=0) returned 0x51a19 [0221.912] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f20*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f20*=0) returned 0x51a19 [0221.912] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b24d0 [0221.912] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173de4, lpOverlapped=0x0 | out: lpBuffer=0x7b24d0*, lpNumberOfBytesRead=0x173de4*=0x7, lpOverlapped=0x0) returned 1 [0221.912] ReadFile (in: hFile=0x314, lpBuffer=0x7b24d7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173de4, lpOverlapped=0x0 | out: lpBuffer=0x7b24d7*, lpNumberOfBytesRead=0x173de4*=0x11, lpOverlapped=0x0) returned 1 [0221.913] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b24d0 | out: hHeap=0x780000) returned 1 [0221.913] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x7f80e0 [0221.914] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x8004) returned 0x8000f0 [0221.915] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x40000) returned 0x808100 [0221.921] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x96) returned 0x7be290 [0221.921] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb54) returned 0x848108 [0221.922] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x100000) returned 0x3e27020 [0221.923] ReadFile (in: hFile=0x314, lpBuffer=0x3e27020, nNumberOfBytesToRead=0x96, lpNumberOfBytesRead=0x167778, lpOverlapped=0x0 | out: lpBuffer=0x3e27020*, lpNumberOfBytesRead=0x167778*=0x96, lpOverlapped=0x0) returned 1 [0221.923] PeekMessageW (in: lpMsg=0x167788, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167788) returned 1 [0221.923] GetMessageW (in: lpMsg=0x167788, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x167788) returned 1 [0221.923] IsDialogMessageW (hDlg=0x701f4, lpMsg=0x167788) returned 0 [0221.923] TranslateMessage (lpMsg=0x167788) returned 0 [0221.923] DispatchMessageW (lpMsg=0x167788) returned 0x0 [0221.923] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0221.923] PeekMessageW (in: lpMsg=0x167798, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167798) returned 0 [0221.923] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0221.923] PeekMessageW (in: lpMsg=0x167784, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167784) returned 0 [0221.923] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0221.934] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e27020 | out: hHeap=0x780000) returned 1 [0222.034] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x808100 | out: hHeap=0x780000) returned 1 [0222.035] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x8000f0 | out: hHeap=0x780000) returned 1 [0222.038] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7f80e0 | out: hHeap=0x780000) returned 1 [0222.039] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7be290, Size=0xdb) returned 0x7be290 [0222.039] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x12e) returned 0x782c40 [0222.040] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be290 | out: hHeap=0x780000) returned 1 [0222.040] SetFilePointer (in: hFile=0x314, lDistanceToMove=334361, lpDistanceToMoveHigh=0x174f30*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f30*=0) returned 0x51a19 [0222.041] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x782c40 | out: hHeap=0x780000) returned 1 [0222.041] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f4c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f4c*=0) returned 0x51a19 [0222.041] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x174f28*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x174f28*=0) returned 0x1bd742 [0222.041] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f4c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f4c*=0) returned 0x1bd742 [0222.041] SetFilePointer (in: hFile=0x314, lDistanceToMove=334361, lpDistanceToMoveHigh=0x174f28*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f28*=0) returned 0x51a19 [0222.041] GetSystemTime (in: lpSystemTime=0x175f6c | out: lpSystemTime=0x175f6c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0x9, wMinute=0x28, wSecond=0x5, wMilliseconds=0x361)) [0222.041] SystemTimeToFileTime (in: lpSystemTime=0x175f6c, lpFileTime=0x175f7c | out: lpFileTime=0x175f7c) returned 1 [0222.041] LoadStringW (in: hInstance=0x1b0000, uID=0x8d, lpBuffer=0x1f48e8, cchBufferMax=1024 | out: lpBuffer="Извлечение из %s") returned 0x10 [0222.041] GetLastError () returned 0x0 [0222.041] SetLastError (dwErrCode=0x0) [0222.041] PeekMessageW (in: lpMsg=0x174ae8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x174ae8) returned 1 [0222.041] GetMessageW (in: lpMsg=0x174ae8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x174ae8) returned 1 [0222.041] IsDialogMessageW (hDlg=0x701f4, lpMsg=0x174ae8) returned 1 [0222.041] GetDlgItem (hDlg=0x701f4, nIDDlgItem=104) returned 0x70048 [0222.042] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x25 [0222.042] SendMessageW (hWnd=0x70048, Msg=0x43a, wParam=0x0, lParam=0x174b1c) returned 0xf800003f [0222.042] SendMessageW (hWnd=0x70048, Msg=0x444, wParam=0x1, lParam=0x174b1c) returned 0x1 [0222.043] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x174b84) returned 0x15 [0222.045] SendMessageW (hWnd=0x70048, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x3a [0222.045] SendMessageW (hWnd=0x70048, Msg=0xc2, wParam=0x0, lParam=0x1e549c) returned 0x1 [0222.046] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x51a19 [0222.046] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b2318 [0222.046] ReadFile (in: hFile=0x314, lpBuffer=0x7b2318, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2318*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0222.046] ReadFile (in: hFile=0x314, lpBuffer=0x7b231f, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b231f*, lpNumberOfBytesRead=0x173e4c*=0x11, lpOverlapped=0x0) returned 1 [0222.047] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b2318 | out: hHeap=0x780000) returned 1 [0222.047] SetFilePointer (in: hFile=0x314, lDistanceToMove=334535, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x51ac7 [0222.047] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x51ac7 [0222.047] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b2318 [0222.047] ReadFile (in: hFile=0x314, lpBuffer=0x7b2318, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2318*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0222.047] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7b2318, Size=0x48) returned 0x7bc728 [0222.047] ReadFile (in: hFile=0x314, lpBuffer=0x7bc72f, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7bc72f*, lpNumberOfBytesRead=0x173e4c*=0x28, lpOverlapped=0x0) returned 1 [0222.048] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bc728 | out: hHeap=0x780000) returned 1 [0222.048] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="work.exe", cchCount2=1) returned 1 [0222.048] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0222.049] GetProcAddress (hModule=0x769d0000, lpProcName="CharUpperW") returned 0x76a0c8c0 [0222.049] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x16ed74 | out: lpflOldProtect=0x16ed74*=0x4) returned 1 [0222.049] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="work.exe", cchCount2=-1) returned 1 [0222.049] SetFilePointer (in: hFile=0x314, lDistanceToMove=334582, lpDistanceToMoveHigh=0x16fe48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe48*=0) returned 0x51af6 [0222.049] LoadStringW (in: hInstance=0x1b0000, uID=0x65, lpBuffer=0x1f50e8, cchBufferMax=1024 | out: lpBuffer="Извлечение %s") returned 0xd [0222.050] GetLastError () returned 0x6 [0222.050] SetLastError (dwErrCode=0x6) [0222.050] SetDlgItemTextW (hDlg=0x701f4, nIDDlgItem=101, lpString="Извлечение work.exe") returned 1 [0222.050] PeekMessageW (in: lpMsg=0x16fa3c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x16fa3c) returned 0 [0222.050] GetFileAttributesW (lpFileName="work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe")) returned 0xffffffff [0222.050] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0x16ddf0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 0x2c [0222.050] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe")) returned 0xffffffff [0222.051] CreateFileW (lpFileName="work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x318 [0222.051] GetFileType (hFile=0x318) returned 0x1 [0222.051] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb54) returned 0x848c68 [0222.052] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0xb54) returned 0x8497c8 [0222.052] SetFilePointer (in: hFile=0x318, lDistanceToMove=1489839, lpDistanceToMoveHigh=0x16fe48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe48*=0) returned 0x16bbaf [0222.052] SetEndOfFile (hFile=0x318) returned 1 [0222.052] SetFilePointer (in: hFile=0x318, lDistanceToMove=0, lpDistanceToMoveHigh=0x16fe34*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe34*=0) returned 0x0 [0222.052] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x100000) returned 0x3e2d020 [0222.054] ReadFile (in: hFile=0x314, lpBuffer=0x3e2d020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x170dd0, lpOverlapped=0x0 | out: lpBuffer=0x3e2d020*, lpNumberOfBytesRead=0x170dd0*=0x100000, lpOverlapped=0x0) returned 1 [0222.070] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=106, Msg=0x402, wParam=0x4b, lParam=0x0) returned 0x0 [0222.071] PeekMessageW (in: lpMsg=0x170d88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d88) returned 0 [0222.071] PeekMessageW (in: lpMsg=0x170de0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170de0) returned 0 [0222.071] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.071] WriteFile (in: hFile=0x318, lpBuffer=0x3e2d020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x170e0c, lpOverlapped=0x0 | out: lpBuffer=0x3e2d020*, lpNumberOfBytesWritten=0x170e0c*=0x100000, lpOverlapped=0x0) returned 1 [0222.124] PeekMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170df0) returned 0 [0222.124] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.124] ReadFile (in: hFile=0x314, lpBuffer=0x3e2d020, nNumberOfBytesToRead=0x6bbaf, lpNumberOfBytesRead=0x170dcc, lpOverlapped=0x0 | out: lpBuffer=0x3e2d020*, lpNumberOfBytesRead=0x170dcc*=0x6bbaf, lpOverlapped=0x0) returned 1 [0222.124] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=106, Msg=0x402, wParam=0x63, lParam=0x0) returned 0x4b [0222.124] PeekMessageW (in: lpMsg=0x170d84, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d84) returned 0 [0222.124] PeekMessageW (in: lpMsg=0x170ddc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170ddc) returned 0 [0222.124] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.125] WriteFile (in: hFile=0x318, lpBuffer=0x3e2d020*, nNumberOfBytesToWrite=0x6bbaf, lpNumberOfBytesWritten=0x170e0c, lpOverlapped=0x0 | out: lpBuffer=0x3e2d020*, lpNumberOfBytesWritten=0x170e0c*=0x6bbaf, lpOverlapped=0x0) returned 1 [0222.162] PeekMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170df0) returned 0 [0222.162] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.162] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=106, Msg=0x402, wParam=0x63, lParam=0x0) returned 0x63 [0222.162] PeekMessageW (in: lpMsg=0x170d84, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d84) returned 0 [0222.162] PeekMessageW (in: lpMsg=0x170ddc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170ddc) returned 0 [0222.162] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.167] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e2d020 | out: hHeap=0x780000) returned 1 [0222.177] SetFilePointer (in: hFile=0x314, lDistanceToMove=1824421, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x1bd6a5 [0222.178] SetFileTime (hFile=0x318, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x170e50) returned 1 [0222.178] CloseHandle (hObject=0x318) returned 1 [0222.445] SetFileAttributesW (lpFileName="work.exe", dwFileAttributes=0x20) returned 1 [0222.446] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x1bd6a5 [0222.446] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b2318 [0222.446] ReadFile (in: hFile=0x314, lpBuffer=0x7b2318, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2318*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0222.446] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x7b2318, Size=0x48) returned 0x7bca98 [0222.446] ReadFile (in: hFile=0x314, lpBuffer=0x7bca9f, nNumberOfBytesToRead=0x1f, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7bca9f*, lpNumberOfBytesRead=0x173e4c*=0x1f, lpOverlapped=0x0) returned 1 [0222.446] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7bca98 | out: hHeap=0x780000) returned 1 [0222.447] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="1.bat", cchCount2=1) returned 1 [0222.447] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="1.bat", cchCount2=-1) returned 1 [0222.447] SetFilePointer (in: hFile=0x314, lDistanceToMove=1824459, lpDistanceToMoveHigh=0x16fe48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe48*=0) returned 0x1bd6cb [0222.447] LoadStringW (in: hInstance=0x1b0000, uID=0x65, lpBuffer=0x1f58e8, cchBufferMax=1024 | out: lpBuffer="Извлечение %s") returned 0xd [0222.447] GetLastError () returned 0x0 [0222.447] SetLastError (dwErrCode=0x0) [0222.447] SetDlgItemTextW (hDlg=0x701f4, nIDDlgItem=101, lpString="Извлечение 1.bat") returned 1 [0222.447] PeekMessageW (in: lpMsg=0x16fa3c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x16fa3c) returned 0 [0222.447] GetFileAttributesW (lpFileName="1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat")) returned 0xffffffff [0222.448] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0x16ddf0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 0x2c [0222.448] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat")) returned 0xffffffff [0222.448] CreateFileW (lpFileName="1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x318 [0222.448] GetFileType (hFile=0x318) returned 0x1 [0222.448] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x100000) returned 0x3e27020 [0222.450] ReadFile (in: hFile=0x314, lpBuffer=0x3e27020, nNumberOfBytesToRead=0x23, lpNumberOfBytesRead=0x170dd0, lpOverlapped=0x0 | out: lpBuffer=0x3e27020*, lpNumberOfBytesRead=0x170dd0*=0x23, lpOverlapped=0x0) returned 1 [0222.450] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=106, Msg=0x402, wParam=0x64, lParam=0x0) returned 0x63 [0222.450] PeekMessageW (in: lpMsg=0x170d88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d88) returned 0 [0222.450] PeekMessageW (in: lpMsg=0x170de0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170de0) returned 0 [0222.450] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.450] WriteFile (in: hFile=0x318, lpBuffer=0x3e27020*, nNumberOfBytesToWrite=0x23, lpNumberOfBytesWritten=0x170e0c, lpOverlapped=0x0 | out: lpBuffer=0x3e27020*, lpNumberOfBytesWritten=0x170e0c*=0x23, lpOverlapped=0x0) returned 1 [0222.453] PeekMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170df0) returned 0 [0222.453] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.453] SendDlgItemMessageW (hDlg=0x701f4, nIDDlgItem=106, Msg=0x402, wParam=0x64, lParam=0x0) returned 0x64 [0222.454] PeekMessageW (in: lpMsg=0x170d84, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d84) returned 0 [0222.454] PeekMessageW (in: lpMsg=0x170ddc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170ddc) returned 0 [0222.454] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0222.462] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x3e27020 | out: hHeap=0x780000) returned 1 [0222.462] SetFilePointer (in: hFile=0x314, lDistanceToMove=1824494, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x1bd6ee [0222.462] SetFileTime (hFile=0x318, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x170e50) returned 1 [0222.463] CloseHandle (hObject=0x318) returned 1 [0222.464] SetFileAttributesW (lpFileName="1.bat", dwFileAttributes=0x20) returned 1 [0222.464] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x1bd6ee [0222.464] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b2660 [0222.464] ReadFile (in: hFile=0x314, lpBuffer=0x7b2660, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2660*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0222.464] ReadFile (in: hFile=0x314, lpBuffer=0x7b2667, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2667*, lpNumberOfBytesRead=0x173e4c*=0xc, lpOverlapped=0x0) returned 1 [0222.465] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b2660 | out: hHeap=0x780000) returned 1 [0222.465] SetFilePointer (in: hFile=0x314, lDistanceToMove=1824570, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x1bd73a [0222.465] SetFilePointer (in: hFile=0x314, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x1bd73a [0222.465] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20) returned 0x7b2660 [0222.465] ReadFile (in: hFile=0x314, lpBuffer=0x7b2660, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2660*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0222.465] ReadFile (in: hFile=0x314, lpBuffer=0x7b2667, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x7b2667*, lpNumberOfBytesRead=0x173e4c*=0x1, lpOverlapped=0x0) returned 1 [0222.466] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7b2660 | out: hHeap=0x780000) returned 1 [0222.467] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cf460 | out: hHeap=0x780000) returned 1 [0222.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cfc70 | out: hHeap=0x780000) returned 1 [0222.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d0480 | out: hHeap=0x780000) returned 1 [0222.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d4908 | out: hHeap=0x780000) returned 1 [0222.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cf058 | out: hHeap=0x780000) returned 1 [0222.468] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d18a8 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d40f8 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d0c90 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7f6e70 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d24c0 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d5118 | out: hHeap=0x780000) returned 1 [0222.469] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d0888 | out: hHeap=0x780000) returned 1 [0222.470] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d34e0 | out: hHeap=0x780000) returned 1 [0222.470] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d5d30 | out: hHeap=0x780000) returned 1 [0222.470] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d5928 | out: hHeap=0x780000) returned 1 [0222.470] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7ce440 | out: hHeap=0x780000) returned 1 [0222.470] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d2cd0 | out: hHeap=0x780000) returned 1 [0222.471] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7f77a8 | out: hHeap=0x780000) returned 1 [0222.471] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x848108 | out: hHeap=0x780000) returned 1 [0222.474] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cec50 | out: hHeap=0x780000) returned 1 [0222.474] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d38e8 | out: hHeap=0x780000) returned 1 [0222.474] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cf868 | out: hHeap=0x780000) returned 1 [0222.475] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d20b8 | out: hHeap=0x780000) returned 1 [0222.475] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d30d8 | out: hHeap=0x780000) returned 1 [0222.476] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d28c8 | out: hHeap=0x780000) returned 1 [0222.476] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d3cf0 | out: hHeap=0x780000) returned 1 [0222.476] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d1cb0 | out: hHeap=0x780000) returned 1 [0222.476] CloseHandle (hObject=0x314) returned 1 [0222.477] ReleaseSemaphore (in: hSemaphore=0x84, lReleaseCount=64, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0222.477] CloseHandle (hObject=0x84) returned 1 [0222.477] CloseHandle (hObject=0x310) returned 1 [0222.477] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7f6b30 | out: hHeap=0x780000) returned 1 [0222.479] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7eeb20 | out: hHeap=0x780000) returned 1 [0222.481] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7e6b10 | out: hHeap=0x780000) returned 1 [0222.502] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d8438 | out: hHeap=0x780000) returned 1 [0222.505] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d6420 | out: hHeap=0x780000) returned 1 [0222.507] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2068 | out: hHeap=0x780000) returned 1 [0222.508] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c54d0 | out: hHeap=0x780000) returned 1 [0222.509] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2878 | out: hHeap=0x780000) returned 1 [0222.509] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c50c8 | out: hHeap=0x780000) returned 1 [0222.510] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c4cc0 | out: hHeap=0x780000) returned 1 [0222.510] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c40a8 | out: hHeap=0x780000) returned 1 [0222.511] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2c80 | out: hHeap=0x780000) returned 1 [0222.511] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c1c60 | out: hHeap=0x780000) returned 1 [0222.511] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cd1a8 | out: hHeap=0x780000) returned 1 [0222.512] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7d0078 | out: hHeap=0x780000) returned 1 [0222.512] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c44b0 | out: hHeap=0x780000) returned 1 [0222.513] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3ca0 | out: hHeap=0x780000) returned 1 [0222.513] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c48b8 | out: hHeap=0x780000) returned 1 [0222.514] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3898 | out: hHeap=0x780000) returned 1 [0222.515] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3490 | out: hHeap=0x780000) returned 1 [0222.515] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c3088 | out: hHeap=0x780000) returned 1 [0222.516] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c2470 | out: hHeap=0x780000) returned 1 [0222.516] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7cdae0 | out: hHeap=0x780000) returned 1 [0222.516] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x848c68 | out: hHeap=0x780000) returned 1 [0222.517] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x8497c8 | out: hHeap=0x780000) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0222.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0222.521] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0222.521] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0222.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0222.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0222.523] ExpandEnvironmentStringsW (in: lpSrc="1.bat", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1.bat") returned 0x6 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0222.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".bat", cchCount1=-1, lpString2=".inf", cchCount2=-1) returned 1 [0222.523] GetFileAttributesW (lpFileName="1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat")) returned 0x20 [0222.523] GetFullPathNameW (in: lpFileName="1.bat", nBufferLength=0x800, lpBuffer=0x164c24, lpFilePart=0x165c24 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat", lpFilePart=0x165c24*="1.bat") returned 0x32 [0222.523] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0222.524] GetProcAddress (hModule=0x76090000, lpProcName="ShellExecuteExW") returned 0x7618df80 [0222.524] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bd0 | out: lpflOldProtect=0x165bd0*=0x4) returned 1 [0222.525] ShellExecuteExW (in: pExecInfo=0x165c4c*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x165c4c*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x508)) returned 1 [0224.267] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0224.268] GetProcAddress (hModule=0x769d0000, lpProcName="IsWindowVisible") returned 0x76a02580 [0224.268] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bd0 | out: lpflOldProtect=0x165bd0*=0x4) returned 1 [0224.268] IsWindowVisible (hWnd=0x701f4) returned 0 [0224.268] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0224.269] GetProcAddress (hModule=0x769d0000, lpProcName="WaitForInputIdle") returned 0x76a5dec0 [0224.269] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bcc | out: lpflOldProtect=0x165bcc*=0x4) returned 1 [0224.270] WaitForInputIdle (hProcess=0x508, dwMilliseconds=0x7d0) returned 0xffffffff [0224.270] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.330] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0224.330] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0224.330] TranslateMessage (lpMsg=0x165c14) returned 0 [0224.330] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0224.330] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.356] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.356] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.390] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.390] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.426] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.426] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.468] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.468] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.495] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.495] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.543] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.543] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.562] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.562] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.578] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.578] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.640] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.640] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.702] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.702] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.780] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0224.780] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0224.781] TranslateMessage (lpMsg=0x165c14) returned 0 [0224.781] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0224.781] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0224.867] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0224.867] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0225.096] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0225.096] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0225.272] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0225.273] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0225.273] TranslateMessage (lpMsg=0x165c14) returned 0 [0225.273] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0225.273] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0225.533] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0225.533] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0225.890] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0225.890] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0225.890] TranslateMessage (lpMsg=0x165c14) returned 0 [0225.890] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0225.890] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0225.952] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0225.952] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.017] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.017] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.063] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.063] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.105] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.243] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.243] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.444] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0226.444] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0226.444] TranslateMessage (lpMsg=0x165c14) returned 0 [0226.444] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0226.444] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.530] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.530] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.612] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.612] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.662] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.662] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.817] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.817] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.850] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0226.850] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0226.850] TranslateMessage (lpMsg=0x165c14) returned 0 [0226.850] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0226.850] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.890] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.890] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.919] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.919] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.929] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.929] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.950] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.950] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0226.967] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0226.967] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.141] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0227.141] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0227.220] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.461] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0227.461] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0227.461] TranslateMessage (lpMsg=0x165c14) returned 0 [0227.461] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0227.461] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.688] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0227.688] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.834] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0227.834] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0227.973] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0227.973] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0227.973] TranslateMessage (lpMsg=0x165c14) returned 0 [0227.973] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0227.973] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.096] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.096] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.518] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0228.518] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0228.518] TranslateMessage (lpMsg=0x165c14) returned 0 [0228.518] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0228.518] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.627] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.627] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.753] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.753] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.843] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.843] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.912] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.912] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0228.943] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0228.943] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0229.112] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0229.308] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0229.308] TranslateMessage (lpMsg=0x165c14) returned 0 [0229.308] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0229.309] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x102 [0229.405] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0229.405] WaitForSingleObject (hHandle=0x508, dwMilliseconds=0xa) returned 0x0 [0229.405] CloseHandle (hObject=0x508) returned 1 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".bat", cchCount1=-1, lpString2=".exe", cchCount2=-1) returned 1 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0229.405] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0229.405] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0229.406] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0229.406] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0229.406] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0229.406] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0229.406] GetDlgItem (hDlg=0x701f4, nIDDlgItem=1) returned 0x20246 [0229.406] EnableWindow (hWnd=0x20246, bEnable=1) returned 0 [0229.406] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0229.407] GetProcAddress (hModule=0x769d0000, lpProcName="EndDialog") returned 0x769f7b20 [0229.407] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824e0 | out: lpflOldProtect=0x1824e0*=0x4) returned 1 [0229.407] EndDialog (hDlg=0x701f4, nResult=0x1) returned 1 [0229.739] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x795c20 | out: hHeap=0x780000) returned 1 [0229.739] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x795d70 | out: hHeap=0x780000) returned 1 [0229.739] Sleep (dwMilliseconds=0x1b58) [0237.012] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="RarSFX0", cchCount1=6, lpString2="RarSFX", cchCount2=6) returned 2 [0237.013] SetCurrentDirectoryW (lpPathName="C:\\Users\\OqXZRaykm\\Desktop" (normalized: "c:\\users\\oqxzraykm\\desktop")) returned 1 [0237.014] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0237.015] GetProcAddress (hModule=0x76090000, lpProcName="SHFileOperationW") returned 0x762aaa60 [0237.015] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19eda0 | out: lpflOldProtect=0x19eda0*=0x4) returned 1 [0237.016] SHFileOperationW (in: lpFileOp=0x19fe14*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", pTo=0x0, fFlags=0x14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="诀⑴褠⑔襔⑜詐ὰ蠀⑄謾쇃ᣨ䲉堤肊烰\x1f䒈㼤똏諃ὰ蠀⑄譀쇆ࣨ똏諀ὰ蠀⑄譁쇁შ똏諀ὰ蠀⑄譂쇂ᣨ肊烰\x1f䒈䌤똏쇂࣪肊烰\x1f䒈䐤쎋༈삶訐ὰ蠀⑄譅쇆შ똏쇀ᣮ肊烰\x1f䒈䘤솋記ὰ蠀⑄ཇ솶肊烰\x1f䒈䠤똏诂ᡕ吳㰤肊烰\x1f䒈䤤똏諃ὰ蠀⑄詊ὰ蠀⑄譋ᱵ嶋謠⑅䐳䠤琳䀤尳䐤綀\x01䒉․ᑴ吳尤琳怤尳搤䐳栤䒉․䒋〤\x8b䒉尤䒋␤䢋觼⑌譠褈⑌譤ш삃褐⑌譨⑌褨⑄褤咋․冉謄⑔褴ﱱᦉ솃茐ǯ䲉⠤粉琤蔏﯑￿孞ၪ䒍堤p⑴ⰼ\x01쒃弌荝峄ೂ儀톋譖⑴圐粋ᠤ䊍褘⑄༈刐蔈瓶譤⑌謐菁Ⴡ䲉ဤ䪋༄᠐솋̄⑄䤈ဏ昈藋绉謙쇁Ӡ䐃ࠤဏ䤀䂍曰㠏죞즅窀\x01ဏᡂས\죟Ѵས쫯잋⠏菓Ⴧᄏ茈Ǯ鱵ཟ刑师쉙 䲊ࠤ툲즄᭴䒊Ф詓ǁɴ퀲쀂\秛㐂퀛痩寫슊ࣂ茀⃬坕S襇⑬褔⑼㤈ѽ踏\x93") | out: lpFileOp=0x19fe14*(hwnd=0x0, wFunc=0x3, pFrom="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", pTo=0x0, fFlags=0x14, fAnyOperationsAborted=0, hNameMappings=0x0, lpszProgressTitle="诀⑴褠⑔襔⑜詐ὰ蠀⑄謾쇃ᣨ䲉堤肊烰\x1f䒈㼤똏諃ὰ蠀⑄譀쇆ࣨ똏諀ὰ蠀⑄譁쇁შ똏諀ὰ蠀⑄譂쇂ᣨ肊烰\x1f䒈䌤똏쇂࣪肊烰\x1f䒈䐤쎋༈삶訐ὰ蠀⑄譅쇆შ똏쇀ᣮ肊烰\x1f䒈䘤솋記ὰ蠀⑄ཇ솶肊烰\x1f䒈䠤똏诂ᡕ吳㰤肊烰\x1f䒈䤤똏諃ὰ蠀⑄詊ὰ蠀⑄譋ᱵ嶋謠⑅䐳䠤琳䀤尳䐤綀\x01䒉․ᑴ吳尤琳怤尳搤䐳栤䒉․䒋〤\x8b䒉尤䒋␤䢋觼⑌譠褈⑌譤ш삃褐⑌譨⑌褨⑄褤咋․冉謄⑔褴ﱱᦉ솃茐ǯ䲉⠤粉琤蔏﯑￿孞ၪ䒍堤p⑴ⰼ\x01쒃弌荝峄ೂ儀톋譖⑴圐粋ᠤ䊍褘⑄༈刐蔈瓶譤⑌謐菁Ⴡ䲉ဤ䪋༄᠐솋̄⑄䤈ဏ昈藋绉謙쇁Ӡ䐃ࠤဏ䤀䂍曰㠏죞즅窀\x01ဏᡂས\죟Ѵས쫯잋⠏菓Ⴧᄏ茈Ǯ鱵ཟ刑师쉙 䲊ࠤ툲즄᭴䒊Ф詓ǁɴ퀲쀂\秛㐂퀛痩寫슊ࣂ茀⃬坕S襇⑬褔⑼㤈ѽ踏\x93")) returned 32 [0255.182] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7be8e8 | out: hHeap=0x780000) returned 1 [0255.182] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0255.247] GetProcAddress (hModule=0x767c0000, lpProcName="DeleteObject") returned 0x767c57d0 [0255.248] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdd0 | out: lpflOldProtect=0x19fdd0*=0x4) returned 1 [0255.248] DeleteObject (ho=0x11029d) returned 0 [0255.248] DeleteObject (ho=0x2b0505ad) returned 1 [0255.249] IUnknown:AddRef (This=0x77a1fec4) returned 0x1 [0255.249] GdiplusShutdown (token=0x19fe6c) [0255.278] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0x213d24 | out: lpflOldProtect=0x213d24*=0x2) returned 1 [0255.278] GetProcAddress (hModule=0x77290000, lpProcName="OleUninitialize") returned 0x772b7200 [0255.279] VirtualProtect (in: lpAddress=0x215000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdb8 | out: lpflOldProtect=0x19fdb8*=0x4) returned 1 [0255.279] OleUninitialize () [0255.286] GetModuleHandleW (lpModuleName=0x0) returned 0x1b0000 [0255.287] GetModuleHandleW (lpModuleName=0x0) returned 0x1b0000 [0255.288] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794e38 | out: hHeap=0x780000) returned 1 [0255.288] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794a30 | out: hHeap=0x780000) returned 1 [0255.289] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7c7670 | out: hHeap=0x780000) returned 1 [0255.289] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x799e00 | out: hHeap=0x780000) returned 1 [0255.290] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794628 | out: hHeap=0x780000) returned 1 [0255.290] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x780f30 | out: hHeap=0x780000) returned 1 [0255.291] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x780d40 | out: hHeap=0x780000) returned 1 [0255.291] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x788b48 | out: hHeap=0x780000) returned 1 [0255.296] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x793e20 | out: hHeap=0x780000) returned 1 [0255.296] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x758f0000 [0255.297] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackageId") returned 0x758f3dd0 [0255.297] GetCurrentPackageId () returned 0x3d54 [0255.297] GetModuleHandleExW (in: dwFlags=0x0, lpModuleName="mscoree.dll", phModule=0x19fed0 | out: phModule=0x19fed0) returned 0 [0255.297] ExitProcess (uExitCode=0x0) [0255.298] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x790200 | out: hHeap=0x780000) returned 1 Thread: id = 80 os_tid = 0x16a8 Thread: id = 81 os_tid = 0x16f4 Thread: id = 90 os_tid = 0x1710 Thread: id = 91 os_tid = 0x171c Thread: id = 92 os_tid = 0x1728 Thread: id = 93 os_tid = 0x1748 Process: id = "5" image_name = "securityhealthservice.exe" filename = "c:\\windows\\system32\\securityhealthservice.exe" page_root = "0x3fd24000" os_pid = "0xea0" os_integrity_level = "0x4000" os_privileges = "0x20900080" monitor_reason = "rpc_server" parent_id = "3" os_parent_pid = "0x264" cmd_line = "C:\\Windows\\system32\\SecurityHealthService.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-259296475-4084429506-1152984619-38739575-565535606" [0xe], "NT AUTHORITY\\Logon Session 00000000:0011eb28" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1320 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1321 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1322 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1323 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1324 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1325 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1326 start_va = 0xf0000 end_va = 0x1b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1327 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1328 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1329 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1330 start_va = 0x1f0000 end_va = 0x1f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1331 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1332 start_va = 0x400000 end_va = 0x406fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1333 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1334 start_va = 0x430000 end_va = 0x430fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 1335 start_va = 0x460000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1336 start_va = 0x560000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1337 start_va = 0x5e0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 1338 start_va = 0x7e0000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007e0000" filename = "" Region: id = 1339 start_va = 0x970000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 1340 start_va = 0xa40000 end_va = 0xabffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1341 start_va = 0xac0000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 1342 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 1343 start_va = 0xb90000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1344 start_va = 0xc10000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c10000" filename = "" Region: id = 1345 start_va = 0xc90000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c90000" filename = "" Region: id = 1346 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1347 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 1348 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 1349 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 1350 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 1351 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1352 start_va = 0x7ff70bcf0000 end_va = 0x7ff70bdddfff monitored = 0 entry_point = 0x7ff70bd98ec0 region_type = mapped_file name = "securityhealthservice.exe" filename = "\\Windows\\System32\\SecurityHealthService.exe" (normalized: "c:\\windows\\system32\\securityhealthservice.exe") Region: id = 1353 start_va = 0x7fffab170000 end_va = 0x7fffab258fff monitored = 0 entry_point = 0x7fffab1fbe70 region_type = mapped_file name = "mpclient.dll" filename = "\\Program Files\\Windows Defender\\MpClient.dll" (normalized: "c:\\program files\\windows defender\\mpclient.dll") Region: id = 1354 start_va = 0x7fffadef0000 end_va = 0x7fffadf0dfff monitored = 0 entry_point = 0x7fffadef1fa0 region_type = mapped_file name = "securityhealthproxystub.dll" filename = "\\Windows\\System32\\SecurityHealthProxyStub.dll" (normalized: "c:\\windows\\system32\\securityhealthproxystub.dll") Region: id = 1355 start_va = 0x7fffb4400000 end_va = 0x7fffb4409fff monitored = 0 entry_point = 0x7fffb4401390 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1356 start_va = 0x7fffb4ef0000 end_va = 0x7fffb502bfff monitored = 0 entry_point = 0x7fffb4efadf0 region_type = mapped_file name = "drvstore.dll" filename = "\\Windows\\System32\\drvstore.dll" (normalized: "c:\\windows\\system32\\drvstore.dll") Region: id = 1357 start_va = 0x7fffc35f0000 end_va = 0x7fffc3682fff monitored = 0 entry_point = 0x7fffc35f9e10 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1358 start_va = 0x7fffc6740000 end_va = 0x7fffc6753fff monitored = 0 entry_point = 0x7fffc67428c0 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1359 start_va = 0x7fffc8120000 end_va = 0x7fffc8132fff monitored = 0 entry_point = 0x7fffc8123f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1360 start_va = 0x7fffc8f30000 end_va = 0x7fffc8f5efff monitored = 0 entry_point = 0x7fffc8f372e0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1361 start_va = 0x7fffc8f60000 end_va = 0x7fffc8ff2fff monitored = 0 entry_point = 0x7fffc8f68f80 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1362 start_va = 0x7fffc92d0000 end_va = 0x7fffc9359fff monitored = 0 entry_point = 0x7fffc9315870 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1363 start_va = 0x7fffc9590000 end_va = 0x7fffc95cafff monitored = 0 entry_point = 0x7fffc959a620 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1364 start_va = 0x7fffc95e0000 end_va = 0x7fffc96a9fff monitored = 0 entry_point = 0x7fffc960bc80 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1365 start_va = 0x7fffc9b80000 end_va = 0x7fffc9baafff monitored = 0 entry_point = 0x7fffc9b82db0 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll") Region: id = 1366 start_va = 0x7fffc9f10000 end_va = 0x7fffc9f21fff monitored = 0 entry_point = 0x7fffc9f13e30 region_type = mapped_file name = "umpdc.dll" filename = "\\Windows\\System32\\umpdc.dll" (normalized: "c:\\windows\\system32\\umpdc.dll") Region: id = 1367 start_va = 0x7fffc9f30000 end_va = 0x7fffc9f7afff monitored = 0 entry_point = 0x7fffc9f33480 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1368 start_va = 0x7fffca030000 end_va = 0x7fffca05dfff monitored = 0 entry_point = 0x7fffca034f10 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1369 start_va = 0x7fffca220000 end_va = 0x7fffca26cfff monitored = 0 entry_point = 0x7fffca233280 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1370 start_va = 0x7fffca270000 end_va = 0x7fffca36ffff monitored = 0 entry_point = 0x7fffca285ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1371 start_va = 0x7fffca370000 end_va = 0x7fffca479fff monitored = 0 entry_point = 0x7fffca3a1300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1372 start_va = 0x7fffca480000 end_va = 0x7fffca4fefff monitored = 0 entry_point = 0x7fffca4b73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1373 start_va = 0x7fffca560000 end_va = 0x7fffca5fcfff monitored = 0 entry_point = 0x7fffca575390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1374 start_va = 0x7fffca600000 end_va = 0x7fffca75cfff monitored = 0 entry_point = 0x7fffca64efa0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1375 start_va = 0x7fffca760000 end_va = 0x7fffca781fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1376 start_va = 0x7fffca790000 end_va = 0x7fffcaa56fff monitored = 0 entry_point = 0x7fffca7a1bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1377 start_va = 0x7fffcaa60000 end_va = 0x7fffcaa86fff monitored = 0 entry_point = 0x7fffcaa68690 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1378 start_va = 0x7fffcad80000 end_va = 0x7fffcae2dfff monitored = 0 entry_point = 0x7fffcadbb940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1379 start_va = 0x7fffcae30000 end_va = 0x7fffcb296fff monitored = 0 entry_point = 0x7fffcae53230 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1380 start_va = 0x7fffcb2a0000 end_va = 0x7fffcb33afff monitored = 0 entry_point = 0x7fffcb2bc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1381 start_va = 0x7fffcb350000 end_va = 0x7fffcb424fff monitored = 0 entry_point = 0x7fffcb36d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1382 start_va = 0x7fffcb440000 end_va = 0x7fffcb4fcfff monitored = 0 entry_point = 0x7fffcb457070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1383 start_va = 0x7fffcb560000 end_va = 0x7fffcb5fdfff monitored = 0 entry_point = 0x7fffcb567850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1384 start_va = 0x7fffcb600000 end_va = 0x7fffcb6a9fff monitored = 0 entry_point = 0x7fffcb615470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1385 start_va = 0x7fffcb790000 end_va = 0x7fffcb798fff monitored = 0 entry_point = 0x7fffcb792020 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1386 start_va = 0x7fffcb7a0000 end_va = 0x7fffcb93ffff monitored = 0 entry_point = 0x7fffcb7b7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1387 start_va = 0x7fffcbae0000 end_va = 0x7fffcbb87fff monitored = 0 entry_point = 0x7fffcbafd990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1388 start_va = 0x7fffcbb90000 end_va = 0x7fffcbee3fff monitored = 0 entry_point = 0x7fffcbc81d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1389 start_va = 0x7fffcbef0000 end_va = 0x7fffcc018fff monitored = 0 entry_point = 0x7fffcbf16140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1390 start_va = 0x7fffcc830000 end_va = 0x7fffcc952fff monitored = 0 entry_point = 0x7fffcc88da30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1391 start_va = 0x7fffcc960000 end_va = 0x7fffcc989fff monitored = 0 entry_point = 0x7fffcc9648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1392 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1404 start_va = 0x7fffc9000000 end_va = 0x7fffc9032fff monitored = 0 entry_point = 0x7fffc9006930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1408 start_va = 0x420000 end_va = 0x423fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmplics.dll" filename = "\\Program Files\\Windows Defender\\MsMpLics.dll" (normalized: "c:\\program files\\windows defender\\msmplics.dll") Region: id = 1409 start_va = 0x7fffc8ac0000 end_va = 0x7fffc8ae2fff monitored = 0 entry_point = 0x7fffc8ac3700 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1410 start_va = 0xd10000 end_va = 0xd8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1411 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1412 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1431 start_va = 0xd90000 end_va = 0x10c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Thread: id = 82 os_tid = 0x16f0 Thread: id = 83 os_tid = 0x1054 Thread: id = 84 os_tid = 0x16d0 Thread: id = 85 os_tid = 0xf90 Thread: id = 86 os_tid = 0xf94 Thread: id = 87 os_tid = 0xecc Thread: id = 88 os_tid = 0x16f8 Thread: id = 89 os_tid = 0x1704 Process: id = "6" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x47fcb000" os_pid = "0x1758" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "4" os_parent_pid = "0x808" cmd_line = "C:\\Windows\\system32\\cmd.exe /c \"\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\" \"" cur_dir = "C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1475 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1476 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1477 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1478 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1479 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1480 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1481 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1482 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1483 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1484 start_va = 0xe60000 end_va = 0xeb8fff monitored = 1 entry_point = 0xe76b40 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe") Region: id = 1485 start_va = 0x77d40000 end_va = 0x77ee1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1486 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 1487 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1488 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1489 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1490 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1494 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 1495 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 1496 start_va = 0x1d0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1497 start_va = 0x7fffcc7d0000 end_va = 0x7fffcc828fff monitored = 0 entry_point = 0x7fffcc7e8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1498 start_va = 0x7fffcba50000 end_va = 0x7fffcbad2fff monitored = 0 entry_point = 0x7fffcba5fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1499 start_va = 0x77d30000 end_va = 0x77d39fff monitored = 0 entry_point = 0x77d312e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1500 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 1501 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 1502 start_va = 0x400000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1503 start_va = 0x75ce0000 end_va = 0x75dcffff monitored = 0 entry_point = 0x75cff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1504 start_va = 0x77580000 end_va = 0x77792fff monitored = 0 entry_point = 0x77694030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1505 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1506 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 1507 start_va = 0x400000 end_va = 0x4c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1508 start_va = 0x560000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1603 start_va = 0x77ad0000 end_va = 0x77b8efff monitored = 0 entry_point = 0x77b05ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1604 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1605 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 1606 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1607 start_va = 0x77380000 end_va = 0x7749ffff monitored = 0 entry_point = 0x773ab170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1608 start_va = 0x75c20000 end_va = 0x75cd9fff monitored = 0 entry_point = 0x75c5a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1609 start_va = 0x760000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1610 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 1611 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1612 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1613 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1614 start_va = 0x1e0000 end_va = 0x1e3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1621 start_va = 0x860000 end_va = 0x95ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1622 start_va = 0x510000 end_va = 0x513fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1624 start_va = 0x700f0000 end_va = 0x700f9fff monitored = 0 entry_point = 0x700f1d30 region_type = mapped_file name = "cmdext.dll" filename = "\\Windows\\SysWOW64\\cmdext.dll" (normalized: "c:\\windows\\syswow64\\cmdext.dll") Region: id = 1625 start_va = 0x75ff0000 end_va = 0x76068fff monitored = 0 entry_point = 0x76001a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1626 start_va = 0x76c20000 end_va = 0x76c94fff monitored = 0 entry_point = 0x76c3f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1627 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1641 start_va = 0x75b80000 end_va = 0x75c1efff monitored = 0 entry_point = 0x75bb85c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1642 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 94 os_tid = 0x176c [0226.811] GetProcAddress (hModule=0x75ce0000, lpProcName="SetConsoleInputExeNameW") returned 0x77728800 [0226.811] ??_V@YAXPAX@Z () returned 0x1 [0226.812] GetProcessHeap () returned 0x560000 [0226.812] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x571b90 [0226.812] GetProcessHeap () returned 0x560000 [0226.813] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x571b90) returned 1 [0226.815] _wcsicmp (_String1="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"", _String2=")") returned -7 [0226.815] _wcsicmp (_String1="FOR", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 68 [0226.815] _wcsicmp (_String1="FOR/?", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 68 [0226.815] _wcsicmp (_String1="IF", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 71 [0226.815] _wcsicmp (_String1="IF/?", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 71 [0226.815] _wcsicmp (_String1="REM", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 80 [0226.815] _wcsicmp (_String1="REM/?", _String2="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"") returned 80 [0226.815] GetProcessHeap () returned 0x560000 [0226.815] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x58) returned 0x564050 [0226.815] GetProcessHeap () returned 0x560000 [0226.815] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x72) returned 0x5641f0 [0226.816] GetProcessHeap () returned 0x560000 [0226.816] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xc) returned 0x56e5a8 [0226.816] GetConsoleTitleW (in: lpConsoleTitle=0x19fc70, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0226.826] malloc (_Size=0xffce) returned 0x8727a8 [0226.827] malloc (_Size=0xffce) returned 0x882780 [0226.828] GetFileAttributesW (lpFileName="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat\"" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\\"c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat\"")) returned 0xffffffff [0226.829] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0226.829] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0226.829] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0226.829] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0226.829] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0226.829] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0226.829] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0226.829] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0226.829] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0226.829] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0226.829] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0226.829] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0226.829] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0226.829] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0226.829] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0226.829] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0226.829] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0226.829] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0226.829] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0226.829] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0226.829] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0226.829] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0226.829] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0226.829] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0226.829] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0226.830] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0226.830] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0226.830] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0226.830] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0226.830] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0226.830] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0226.830] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0226.830] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0226.830] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0226.830] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0226.830] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0226.830] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0226.830] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0226.830] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0226.830] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0226.830] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0226.830] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0226.830] _wcsicmp (_String1="\"C", _String2="DIR") returned -66 [0226.830] _wcsicmp (_String1="\"C", _String2="ERASE") returned -67 [0226.830] _wcsicmp (_String1="\"C", _String2="DEL") returned -66 [0226.830] _wcsicmp (_String1="\"C", _String2="TYPE") returned -82 [0226.830] _wcsicmp (_String1="\"C", _String2="COPY") returned -65 [0226.830] _wcsicmp (_String1="\"C", _String2="CD") returned -65 [0226.830] _wcsicmp (_String1="\"C", _String2="CHDIR") returned -65 [0226.831] _wcsicmp (_String1="\"C", _String2="RENAME") returned -80 [0226.831] _wcsicmp (_String1="\"C", _String2="REN") returned -80 [0226.831] _wcsicmp (_String1="\"C", _String2="ECHO") returned -67 [0226.831] _wcsicmp (_String1="\"C", _String2="SET") returned -81 [0226.831] _wcsicmp (_String1="\"C", _String2="PAUSE") returned -78 [0226.831] _wcsicmp (_String1="\"C", _String2="DATE") returned -66 [0226.831] _wcsicmp (_String1="\"C", _String2="TIME") returned -82 [0226.831] _wcsicmp (_String1="\"C", _String2="PROMPT") returned -78 [0226.831] _wcsicmp (_String1="\"C", _String2="MD") returned -75 [0226.831] _wcsicmp (_String1="\"C", _String2="MKDIR") returned -75 [0226.831] _wcsicmp (_String1="\"C", _String2="RD") returned -80 [0226.831] _wcsicmp (_String1="\"C", _String2="RMDIR") returned -80 [0226.831] _wcsicmp (_String1="\"C", _String2="PATH") returned -78 [0226.831] _wcsicmp (_String1="\"C", _String2="GOTO") returned -69 [0226.831] _wcsicmp (_String1="\"C", _String2="SHIFT") returned -81 [0226.831] _wcsicmp (_String1="\"C", _String2="CLS") returned -65 [0226.831] _wcsicmp (_String1="\"C", _String2="CALL") returned -65 [0226.831] _wcsicmp (_String1="\"C", _String2="VERIFY") returned -84 [0226.831] _wcsicmp (_String1="\"C", _String2="VER") returned -84 [0226.831] _wcsicmp (_String1="\"C", _String2="VOL") returned -84 [0226.831] _wcsicmp (_String1="\"C", _String2="EXIT") returned -67 [0226.831] _wcsicmp (_String1="\"C", _String2="SETLOCAL") returned -81 [0226.831] _wcsicmp (_String1="\"C", _String2="ENDLOCAL") returned -67 [0226.831] _wcsicmp (_String1="\"C", _String2="TITLE") returned -82 [0226.831] _wcsicmp (_String1="\"C", _String2="START") returned -81 [0226.831] _wcsicmp (_String1="\"C", _String2="DPATH") returned -66 [0226.831] _wcsicmp (_String1="\"C", _String2="KEYS") returned -73 [0226.832] _wcsicmp (_String1="\"C", _String2="MOVE") returned -75 [0226.832] _wcsicmp (_String1="\"C", _String2="PUSHD") returned -78 [0226.832] _wcsicmp (_String1="\"C", _String2="POPD") returned -78 [0226.832] _wcsicmp (_String1="\"C", _String2="ASSOC") returned -63 [0226.832] _wcsicmp (_String1="\"C", _String2="FTYPE") returned -68 [0226.832] _wcsicmp (_String1="\"C", _String2="BREAK") returned -64 [0226.832] _wcsicmp (_String1="\"C", _String2="COLOR") returned -65 [0226.832] _wcsicmp (_String1="\"C", _String2="MKLINK") returned -75 [0226.832] _wcsicmp (_String1="\"C", _String2="FOR") returned -68 [0226.832] _wcsicmp (_String1="\"C", _String2="IF") returned -71 [0226.832] _wcsicmp (_String1="\"C", _String2="REM") returned -80 [0226.832] ??_V@YAXPAX@Z () returned 0x1 [0226.832] GetProcessHeap () returned 0x560000 [0226.832] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xffd6) returned 0x57dbc8 [0226.834] GetProcessHeap () returned 0x560000 [0226.834] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x76) returned 0x56bf38 [0226.834] _wcsnicmp (_String1="C:\\U", _String2="cmd ", _MaxCount=0x4) returned -51 [0226.834] malloc (_Size=0xffce) returned 0x882780 [0226.834] GetProcessHeap () returned 0x560000 [0226.834] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1ffa4) returned 0x58dba8 [0226.837] SetErrorMode (uMode=0x0) returned 0x0 [0226.837] SetErrorMode (uMode=0x1) returned 0x0 [0226.837] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\.", nBufferLength=0xffce, lpBuffer=0x58dbb0, lpFilePart=0x19f54c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x19f54c*="RarSFX0") returned 0x2c [0226.837] SetErrorMode (uMode=0x0) returned 0x1 [0226.837] GetProcessHeap () returned 0x560000 [0226.837] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x58dba8, Size=0x6e) returned 0x58dba8 [0226.837] GetProcessHeap () returned 0x560000 [0226.837] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x58dba8) returned 0x6e [0226.837] NeedCurrentDirectoryForExePathW (ExeName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\.") returned 1 [0226.837] GetProcessHeap () returned 0x560000 [0226.838] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x68) returned 0x56bfb8 [0226.838] GetProcessHeap () returned 0x560000 [0226.838] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xc4) returned 0x56e740 [0226.838] GetProcessHeap () returned 0x560000 [0226.838] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x56e740, Size=0x68) returned 0x56e740 [0226.838] GetProcessHeap () returned 0x560000 [0226.838] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x56e740) returned 0x68 [0226.838] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xe8d590, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0226.838] GetProcessHeap () returned 0x560000 [0226.838] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xe0) returned 0x56e7b0 [0226.843] GetProcessHeap () returned 0x560000 [0226.843] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x56e7b0, Size=0x76) returned 0x56e7b0 [0226.843] GetProcessHeap () returned 0x560000 [0226.843] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x56e7b0) returned 0x76 [0226.843] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0226.843] FindFirstFileExW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat"), fInfoLevelId=0x1, lpFindFileData=0x19f2f8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19f2f8) returned 0x564270 [0226.843] GetProcessHeap () returned 0x560000 [0226.843] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x0, Size=0x14) returned 0x564368 [0226.843] FindClose (in: hFindFile=0x564270 | out: hFindFile=0x564270) returned 1 [0226.844] _wcsicmp (_String1=".bat", _String2=".CMD") returned -1 [0226.844] _wcsicmp (_String1=".bat", _String2=".BAT") returned 0 [0226.844] ??_V@YAXPAX@Z () returned 0x1 [0226.844] GetConsoleTitleW (in: lpConsoleTitle=0x19f7e4, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0226.850] GetProcessHeap () returned 0x560000 [0226.850] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x11c) returned 0x56e830 [0226.850] malloc (_Size=0xffce) returned 0x882780 [0226.850] ApiSetQueryApiSetPresence () returned 0x0 [0226.851] ResolveDelayLoadedAPI () returned 0x700f18f0 [0226.863] SaferWorker () returned 0x0 [0226.886] SetErrorMode (uMode=0x0) returned 0x0 [0226.886] SetErrorMode (uMode=0x1) returned 0x0 [0226.886] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat", nBufferLength=0x7fe7, lpBuffer=0x57dbd0, lpFilePart=0x19f46c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat", lpFilePart=0x19f46c*="1.bat") returned 0x32 [0226.886] SetErrorMode (uMode=0x0) returned 0x1 [0226.886] malloc (_Size=0x4000) returned 0x892758 [0226.886] GetProcessHeap () returned 0x560000 [0226.886] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x72) returned 0x573020 [0226.886] wcsspn (_String=" ", _Control=" \x09") returned 0x1 [0226.886] GetProcessHeap () returned 0x560000 [0226.886] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xa) returned 0x572560 [0226.886] GetProcessHeap () returned 0x560000 [0226.886] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xc) returned 0x5724d0 [0226.886] GetProcessHeap () returned 0x560000 [0226.886] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x5724d0, Size=0xc) returned 0x572638 [0226.886] GetProcessHeap () returned 0x560000 [0226.887] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x572638) returned 0xc [0226.887] ??_V@YAXPAX@Z () returned 0x1 [0226.887] CmdBatNotificationStub () returned 0x1 [0226.887] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f2e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0226.887] _open_osfhandle (_OSFileHandle=0x140, _Flags=8) returned 3 [0226.887] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.887] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.887] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.887] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0226.887] ReadFile (in: hFile=0x140, lpBuffer=0xe997f0, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f2ac, lpOverlapped=0x0 | out: lpBuffer=0xe997f0*, lpNumberOfBytesRead=0x19f2ac*=0x23, lpOverlapped=0x0) returned 1 [0226.888] SetFilePointer (in: hFile=0x140, lDistanceToMove=11, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0226.888] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr="@echo off\r\n", cbMultiByte=11, lpWideCharStr=0xe9ba30, cchWideChar=8191 | out: lpWideCharStr="@echo off\r\n") returned 11 [0226.908] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.908] GetFileType (hFile=0x140) returned 0x1 [0226.908] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.908] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0226.908] GetProcessHeap () returned 0x560000 [0226.908] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x58dc20 [0226.909] GetProcessHeap () returned 0x560000 [0226.910] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0226.910] GetProcessHeap () returned 0x560000 [0226.910] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x58) returned 0x5738b0 [0226.911] _wcsicmp (_String1="echo", _String2=")") returned 60 [0226.911] _wcsicmp (_String1="FOR", _String2="echo") returned 1 [0226.911] _wcsicmp (_String1="FOR/?", _String2="echo") returned 1 [0226.911] _wcsicmp (_String1="IF", _String2="echo") returned 4 [0226.911] _wcsicmp (_String1="IF/?", _String2="echo") returned 4 [0226.911] _wcsicmp (_String1="REM", _String2="echo") returned 13 [0226.911] _wcsicmp (_String1="REM/?", _String2="echo") returned 13 [0226.911] GetProcessHeap () returned 0x560000 [0226.911] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x58) returned 0x573910 [0226.911] GetProcessHeap () returned 0x560000 [0226.911] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x12) returned 0x5642a8 [0226.912] GetProcessHeap () returned 0x560000 [0226.912] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x12) returned 0x561840 [0226.914] _tell (_FileHandle=3) returned 11 [0226.914] _close (_FileHandle=3) returned 0 [0226.915] malloc (_Size=0xffce) returned 0x892758 [0226.916] _wcsicmp (_String1="echo", _String2="DIR") returned 1 [0226.916] _wcsicmp (_String1="echo", _String2="ERASE") returned -15 [0226.916] _wcsicmp (_String1="echo", _String2="DEL") returned 1 [0226.916] _wcsicmp (_String1="echo", _String2="TYPE") returned -15 [0226.916] _wcsicmp (_String1="echo", _String2="COPY") returned 2 [0226.916] _wcsicmp (_String1="echo", _String2="CD") returned 2 [0226.916] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2 [0226.916] _wcsicmp (_String1="echo", _String2="RENAME") returned -13 [0226.916] _wcsicmp (_String1="echo", _String2="REN") returned -13 [0226.916] _wcsicmp (_String1="echo", _String2="ECHO") returned 0 [0226.916] GetConsoleTitleW (in: lpConsoleTitle=0x19f0a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0226.920] malloc (_Size=0xffce) returned 0x8a2730 [0226.922] malloc (_Size=0xffce) returned 0x8b2708 [0226.923] _wcsicmp (_String1="echo", _String2="DIR") returned 1 [0226.923] _wcsicmp (_String1="echo", _String2="ERASE") returned -15 [0226.923] _wcsicmp (_String1="echo", _String2="DEL") returned 1 [0226.923] _wcsicmp (_String1="echo", _String2="TYPE") returned -15 [0226.923] _wcsicmp (_String1="echo", _String2="COPY") returned 2 [0226.923] _wcsicmp (_String1="echo", _String2="CD") returned 2 [0226.923] _wcsicmp (_String1="echo", _String2="CHDIR") returned 2 [0226.923] _wcsicmp (_String1="echo", _String2="RENAME") returned -13 [0226.923] _wcsicmp (_String1="echo", _String2="REN") returned -13 [0226.923] _wcsicmp (_String1="echo", _String2="ECHO") returned 0 [0226.923] ??_V@YAXPAX@Z () returned 0x1 [0226.924] GetProcessHeap () returned 0x560000 [0226.924] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1c) returned 0x5707e0 [0226.925] GetProcessHeap () returned 0x560000 [0226.925] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x5707e0, Size=0x12) returned 0x573bb8 [0226.925] GetProcessHeap () returned 0x560000 [0226.925] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x573bb8) returned 0x12 [0226.925] GetProcessHeap () returned 0x560000 [0226.925] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1c) returned 0x570a38 [0226.925] _wcsnicmp (_String1="off", _String2="off", _MaxCount=0x3) returned 0 [0226.925] ??_V@YAXPAX@Z () returned 0x1 [0226.927] _get_osfhandle (_FileHandle=1) returned 0x98 [0226.927] SetConsoleMode (hConsoleHandle=0x98, dwMode=0x7) returned 1 [0226.929] _get_osfhandle (_FileHandle=1) returned 0x98 [0226.929] GetConsoleMode (in: hConsoleHandle=0x98, lpMode=0xe915ac | out: lpMode=0xe915ac) returned 1 [0226.930] _get_osfhandle (_FileHandle=0) returned 0x94 [0226.930] GetConsoleMode (in: hConsoleHandle=0x94, lpMode=0xe915b0 | out: lpMode=0xe915b0) returned 1 [0226.932] SetConsoleInputExeNameW () returned 0x1 [0226.932] GetConsoleOutputCP () returned 0x1b5 [0226.933] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9b9f0 | out: lpCPInfo=0xe9b9f0) returned 1 [0226.933] SetThreadUILanguage (LangId=0x0) returned 0x300409 [0226.935] ??_V@YAXPAX@Z () returned 0x1 [0226.938] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f2e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x140 [0226.938] _open_osfhandle (_OSFileHandle=0x140, _Flags=8) returned 3 [0226.938] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.938] SetFilePointer (in: hFile=0x140, lDistanceToMove=11, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0226.938] GetProcessHeap () returned 0x560000 [0226.938] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x570a38) returned 1 [0226.938] GetProcessHeap () returned 0x560000 [0226.938] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573bb8) returned 1 [0226.938] GetProcessHeap () returned 0x560000 [0226.938] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x561840) returned 1 [0226.938] GetProcessHeap () returned 0x560000 [0226.938] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x5642a8) returned 1 [0226.939] GetProcessHeap () returned 0x560000 [0226.939] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573910) returned 1 [0226.939] GetProcessHeap () returned 0x560000 [0226.940] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x5738b0) returned 1 [0226.940] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.940] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0xb [0226.940] ReadFile (in: hFile=0x140, lpBuffer=0xe997f0, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f2ac, lpOverlapped=0x0 | out: lpBuffer=0xe997f0*, lpNumberOfBytesRead=0x19f2ac*=0x18, lpOverlapped=0x0) returned 1 [0226.940] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr="start work.exe -priverdDe -priverdD", cbMultiByte=24, lpWideCharStr=0xe9ba30, cchWideChar=8191 | out: lpWideCharStr="start work.exe -priverdD") returned 24 [0226.941] GetProcessHeap () returned 0x560000 [0226.941] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x58dc20 [0226.941] GetProcessHeap () returned 0x560000 [0226.942] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0226.943] _wcsicmp (_String1="start", _String2=")") returned 74 [0226.943] _wcsicmp (_String1="FOR", _String2="start") returned -13 [0226.943] _wcsicmp (_String1="FOR/?", _String2="start") returned -13 [0226.943] _wcsicmp (_String1="IF", _String2="start") returned -10 [0226.943] _wcsicmp (_String1="IF/?", _String2="start") returned -10 [0226.943] _wcsicmp (_String1="REM", _String2="start") returned -1 [0226.943] _wcsicmp (_String1="REM/?", _String2="start") returned -1 [0226.943] GetProcessHeap () returned 0x560000 [0226.943] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x58) returned 0x5738b0 [0226.943] GetProcessHeap () returned 0x560000 [0226.943] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x14) returned 0x573c98 [0226.943] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.943] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0226.944] ReadFile (in: hFile=0x140, lpBuffer=0xe997f0, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f1d4, lpOverlapped=0x0 | out: lpBuffer=0xe997f0*, lpNumberOfBytesRead=0x19f1d4*=0x0, lpOverlapped=0x0) returned 1 [0226.944] GetLastError () returned 0x0 [0226.944] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.944] GetFileType (hFile=0x140) returned 0x1 [0226.944] _get_osfhandle (_FileHandle=3) returned 0x140 [0226.944] SetFilePointer (in: hFile=0x140, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0226.944] GetProcessHeap () returned 0x560000 [0226.944] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x58dc20 [0226.944] GetProcessHeap () returned 0x560000 [0226.945] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0226.945] GetProcessHeap () returned 0x560000 [0226.945] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x30) returned 0x573260 [0226.945] _tell (_FileHandle=3) returned 35 [0226.945] _close (_FileHandle=3) returned 0 [0226.946] malloc (_Size=0xffce) returned 0x892758 [0226.947] _wcsicmp (_String1="start", _String2="DIR") returned 15 [0226.947] _wcsicmp (_String1="start", _String2="ERASE") returned 14 [0226.947] _wcsicmp (_String1="start", _String2="DEL") returned 15 [0226.947] _wcsicmp (_String1="start", _String2="TYPE") returned -1 [0226.947] _wcsicmp (_String1="start", _String2="COPY") returned 16 [0226.947] _wcsicmp (_String1="start", _String2="CD") returned 16 [0226.947] _wcsicmp (_String1="start", _String2="CHDIR") returned 16 [0226.947] _wcsicmp (_String1="start", _String2="RENAME") returned 1 [0226.947] _wcsicmp (_String1="start", _String2="REN") returned 1 [0226.947] _wcsicmp (_String1="start", _String2="ECHO") returned 14 [0226.948] _wcsicmp (_String1="start", _String2="SET") returned 15 [0226.948] _wcsicmp (_String1="start", _String2="PAUSE") returned 3 [0226.948] _wcsicmp (_String1="start", _String2="DATE") returned 15 [0226.948] _wcsicmp (_String1="start", _String2="TIME") returned -1 [0226.948] _wcsicmp (_String1="start", _String2="PROMPT") returned 3 [0226.948] _wcsicmp (_String1="start", _String2="MD") returned 6 [0226.948] _wcsicmp (_String1="start", _String2="MKDIR") returned 6 [0226.948] _wcsicmp (_String1="start", _String2="RD") returned 1 [0226.948] _wcsicmp (_String1="start", _String2="RMDIR") returned 1 [0226.948] _wcsicmp (_String1="start", _String2="PATH") returned 3 [0226.948] _wcsicmp (_String1="start", _String2="GOTO") returned 12 [0226.948] _wcsicmp (_String1="start", _String2="SHIFT") returned 12 [0226.948] _wcsicmp (_String1="start", _String2="CLS") returned 16 [0226.948] _wcsicmp (_String1="start", _String2="CALL") returned 16 [0226.948] _wcsicmp (_String1="start", _String2="VERIFY") returned -3 [0226.948] _wcsicmp (_String1="start", _String2="VER") returned -3 [0226.948] _wcsicmp (_String1="start", _String2="VOL") returned -3 [0226.948] _wcsicmp (_String1="start", _String2="EXIT") returned 14 [0226.948] _wcsicmp (_String1="start", _String2="SETLOCAL") returned 15 [0226.948] _wcsicmp (_String1="start", _String2="ENDLOCAL") returned 14 [0226.948] _wcsicmp (_String1="start", _String2="TITLE") returned -1 [0226.948] _wcsicmp (_String1="start", _String2="START") returned 0 [0226.948] GetConsoleTitleW (in: lpConsoleTitle=0x19f0a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0226.950] malloc (_Size=0xffce) returned 0x8a2730 [0226.950] malloc (_Size=0xffce) returned 0x8b2708 [0226.968] _wcsicmp (_String1="start", _String2="DIR") returned 15 [0226.968] _wcsicmp (_String1="start", _String2="ERASE") returned 14 [0226.968] _wcsicmp (_String1="start", _String2="DEL") returned 15 [0226.968] _wcsicmp (_String1="start", _String2="TYPE") returned -1 [0226.968] _wcsicmp (_String1="start", _String2="COPY") returned 16 [0226.968] _wcsicmp (_String1="start", _String2="CD") returned 16 [0226.968] _wcsicmp (_String1="start", _String2="CHDIR") returned 16 [0226.968] _wcsicmp (_String1="start", _String2="RENAME") returned 1 [0226.968] _wcsicmp (_String1="start", _String2="REN") returned 1 [0226.968] _wcsicmp (_String1="start", _String2="ECHO") returned 14 [0226.968] _wcsicmp (_String1="start", _String2="SET") returned 15 [0226.968] _wcsicmp (_String1="start", _String2="PAUSE") returned 3 [0226.968] _wcsicmp (_String1="start", _String2="DATE") returned 15 [0226.968] _wcsicmp (_String1="start", _String2="TIME") returned -1 [0226.968] _wcsicmp (_String1="start", _String2="PROMPT") returned 3 [0226.969] _wcsicmp (_String1="start", _String2="MD") returned 6 [0226.969] _wcsicmp (_String1="start", _String2="MKDIR") returned 6 [0226.969] _wcsicmp (_String1="start", _String2="RD") returned 1 [0226.969] _wcsicmp (_String1="start", _String2="RMDIR") returned 1 [0226.969] _wcsicmp (_String1="start", _String2="PATH") returned 3 [0226.969] _wcsicmp (_String1="start", _String2="GOTO") returned 12 [0226.969] _wcsicmp (_String1="start", _String2="SHIFT") returned 12 [0226.969] _wcsicmp (_String1="start", _String2="CLS") returned 16 [0226.969] _wcsicmp (_String1="start", _String2="CALL") returned 16 [0226.969] _wcsicmp (_String1="start", _String2="VERIFY") returned -3 [0226.969] _wcsicmp (_String1="start", _String2="VER") returned -3 [0226.969] _wcsicmp (_String1="start", _String2="VOL") returned -3 [0226.969] _wcsicmp (_String1="start", _String2="EXIT") returned 14 [0226.969] _wcsicmp (_String1="start", _String2="SETLOCAL") returned 15 [0226.969] _wcsicmp (_String1="start", _String2="ENDLOCAL") returned 14 [0226.969] _wcsicmp (_String1="start", _String2="TITLE") returned -1 [0226.969] _wcsicmp (_String1="start", _String2="START") returned 0 [0226.969] ??_V@YAXPAX@Z () returned 0x1 [0226.970] GetProcessHeap () returned 0x560000 [0226.970] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x58) returned 0x573910 [0226.971] GetProcessHeap () returned 0x560000 [0226.971] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x573910, Size=0x30) returned 0x573910 [0226.971] GetProcessHeap () returned 0x560000 [0226.971] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x573910) returned 0x30 [0226.971] GetProcessHeap () returned 0x560000 [0226.971] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x3c) returned 0x571cd8 [0226.971] GetStdHandle (nStdHandle=0xfffffff6) returned 0x94 [0226.972] GetStdHandle (nStdHandle=0xfffffff5) returned 0x98 [0226.972] GetStdHandle (nStdHandle=0xfffffff4) returned 0x9c [0226.972] malloc (_Size=0xffce) returned 0x8b2708 [0226.973] malloc (_Size=0x4000) returned 0x8c26e0 [0226.973] malloc (_Size=0x4000) returned 0x8c66e8 [0226.973] malloc (_Size=0x4000) returned 0x8ca6f0 [0226.973] malloc (_Size=0x4000) returned 0x857fe8 [0226.973] malloc (_Size=0x4000) returned 0x8ce6f8 [0226.974] malloc (_Size=0x4000) returned 0x8d2700 [0226.974] malloc (_Size=0x4000) returned 0x8d6708 [0226.974] _wcsicmp (_String1="work.exe", _String2="DIR") returned 19 [0226.974] _wcsicmp (_String1="work.exe", _String2="ERASE") returned 18 [0226.974] _wcsicmp (_String1="work.exe", _String2="DEL") returned 19 [0226.974] _wcsicmp (_String1="work.exe", _String2="TYPE") returned 3 [0226.974] _wcsicmp (_String1="work.exe", _String2="COPY") returned 20 [0226.974] _wcsicmp (_String1="work.exe", _String2="CD") returned 20 [0226.974] _wcsicmp (_String1="work.exe", _String2="CHDIR") returned 20 [0226.974] _wcsicmp (_String1="work.exe", _String2="RENAME") returned 5 [0226.975] _wcsicmp (_String1="work.exe", _String2="REN") returned 5 [0226.975] _wcsicmp (_String1="work.exe", _String2="ECHO") returned 18 [0226.975] _wcsicmp (_String1="work.exe", _String2="SET") returned 4 [0226.975] _wcsicmp (_String1="work.exe", _String2="PAUSE") returned 7 [0226.975] _wcsicmp (_String1="work.exe", _String2="DATE") returned 19 [0226.975] _wcsicmp (_String1="work.exe", _String2="TIME") returned 3 [0226.975] _wcsicmp (_String1="work.exe", _String2="PROMPT") returned 7 [0226.975] _wcsicmp (_String1="work.exe", _String2="MD") returned 10 [0226.975] _wcsicmp (_String1="work.exe", _String2="MKDIR") returned 10 [0226.975] _wcsicmp (_String1="work.exe", _String2="RD") returned 5 [0226.975] _wcsicmp (_String1="work.exe", _String2="RMDIR") returned 5 [0226.975] _wcsicmp (_String1="work.exe", _String2="PATH") returned 7 [0226.975] _wcsicmp (_String1="work.exe", _String2="GOTO") returned 16 [0226.975] _wcsicmp (_String1="work.exe", _String2="SHIFT") returned 4 [0226.975] _wcsicmp (_String1="work.exe", _String2="CLS") returned 20 [0226.975] _wcsicmp (_String1="work.exe", _String2="CALL") returned 20 [0226.975] _wcsicmp (_String1="work.exe", _String2="VERIFY") returned 1 [0226.975] _wcsicmp (_String1="work.exe", _String2="VER") returned 1 [0226.975] _wcsicmp (_String1="work.exe", _String2="VOL") returned 1 [0226.975] _wcsicmp (_String1="work.exe", _String2="EXIT") returned 18 [0226.975] _wcsicmp (_String1="work.exe", _String2="SETLOCAL") returned 4 [0226.975] _wcsicmp (_String1="work.exe", _String2="ENDLOCAL") returned 18 [0226.975] _wcsicmp (_String1="work.exe", _String2="TITLE") returned 3 [0226.975] _wcsicmp (_String1="work.exe", _String2="START") returned 4 [0226.975] _wcsicmp (_String1="work.exe", _String2="DPATH") returned 19 [0226.975] _wcsicmp (_String1="work.exe", _String2="KEYS") returned 12 [0226.975] _wcsicmp (_String1="work.exe", _String2="MOVE") returned 10 [0226.976] _wcsicmp (_String1="work.exe", _String2="PUSHD") returned 7 [0226.976] _wcsicmp (_String1="work.exe", _String2="POPD") returned 7 [0226.976] _wcsicmp (_String1="work.exe", _String2="ASSOC") returned 22 [0226.976] _wcsicmp (_String1="work.exe", _String2="FTYPE") returned 17 [0226.976] _wcsicmp (_String1="work.exe", _String2="BREAK") returned 21 [0226.976] _wcsicmp (_String1="work.exe", _String2="COLOR") returned 20 [0226.976] _wcsicmp (_String1="work.exe", _String2="MKLINK") returned 10 [0226.976] _wcsicmp (_String1="work.exe", _String2="FOR") returned 17 [0226.976] _wcsicmp (_String1="work.exe", _String2="IF") returned 14 [0226.976] _wcsicmp (_String1="work.exe", _String2="REM") returned 5 [0226.976] _wcsnicmp (_String1="work", _String2="cmd ", _MaxCount=0x4) returned 20 [0226.976] malloc (_Size=0xffce) returned 0x8da710 [0226.977] GetProcessHeap () returned 0x560000 [0226.977] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x1ffa4) returned 0x58dc20 [0226.980] SetErrorMode (uMode=0x0) returned 0x0 [0226.980] SetErrorMode (uMode=0x1) returned 0x0 [0226.980] GetFullPathNameW (in: lpFileName=".", nBufferLength=0xffce, lpBuffer=0x58dc28, lpFilePart=0x19e62c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", lpFilePart=0x19e62c*="RarSFX0") returned 0x2c [0226.980] SetErrorMode (uMode=0x0) returned 0x1 [0226.980] GetProcessHeap () returned 0x560000 [0226.980] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x58dc20, Size=0x74) returned 0x58dc20 [0226.980] GetProcessHeap () returned 0x560000 [0226.980] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x58dc20) returned 0x74 [0226.980] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0xe8d590, nSize=0x2000 | out: lpBuffer="") returned 0xf0 [0226.980] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0226.982] GetProcessHeap () returned 0x560000 [0226.982] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x248) returned 0x573d78 [0226.982] GetProcessHeap () returned 0x560000 [0226.982] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x488) returned 0x573fc8 [0227.083] GetProcessHeap () returned 0x560000 [0227.083] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x573fc8, Size=0x24a) returned 0x573fc8 [0227.083] GetProcessHeap () returned 0x560000 [0227.083] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x573fc8) returned 0x24a [0227.083] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xe8d590, nSize=0x2000 | out: lpBuffer="") returned 0x35 [0227.083] GetProcessHeap () returned 0x560000 [0227.083] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0xe0) returned 0x574220 [0227.083] GetProcessHeap () returned 0x560000 [0227.084] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x574220, Size=0x76) returned 0x574220 [0227.084] GetProcessHeap () returned 0x560000 [0227.084] RtlSizeHeap (HeapHandle=0x560000, Flags=0x0, MemoryPointer=0x574220) returned 0x76 [0227.084] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0227.084] FindFirstFileExW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), fInfoLevelId=0x1, lpFindFileData=0x19e3d8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x19e3d8) returned 0x572f08 [0227.085] GetProcessHeap () returned 0x560000 [0227.085] RtlReAllocateHeap (Heap=0x560000, Flags=0x0, Ptr=0x564368, Size=0x4) returned 0x564368 [0227.085] FindClose (in: hFindFile=0x572f08 | out: hFindFile=0x572f08) returned 1 [0227.085] _wcsicmp (_String1=".exe", _String2=".CMD") returned 2 [0227.085] _wcsicmp (_String1=".exe", _String2=".BAT") returned 3 [0227.085] ??_V@YAXPAX@Z () returned 0x1 [0227.086] GetStartupInfoW (in: lpStartupInfo=0x19e970 | out: lpStartupInfo=0x19e970*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0227.086] InitializeProcThreadAttributeList (in: lpAttributeList=0x0, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x19e910 | out: lpAttributeList=0x0, lpSize=0x19e910) returned 0 [0227.086] GetLastError () returned 0x7a [0227.086] GetProcessHeap () returned 0x560000 [0227.086] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x2c) returned 0x573148 [0227.086] InitializeProcThreadAttributeList (in: lpAttributeList=0x573148, dwAttributeCount=0x2, dwFlags=0x0, lpSize=0x19e910 | out: lpAttributeList=0x573148, lpSize=0x19e910) returned 1 [0227.086] UpdateProcThreadAttribute (in: lpAttributeList=0x573148, dwFlags=0x0, Attribute=0x60001, lpValue=0x19e914, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x573148, lpPreviousValue=0x0) returned 1 [0227.086] CreateProcessW (in: lpApplicationName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe", lpCommandLine="work.exe -priverdD", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80410, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e928*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x94, hStdOutput=0x98, hStdError=0x9c), lpProcessInformation=0x19e918 | out: lpCommandLine="work.exe -priverdD", lpProcessInformation=0x19e918*(hProcess=0x144, hThread=0x13c, dwProcessId=0xd60, dwThreadId=0x11b0)) returned 1 [0227.384] DeleteProcThreadAttributeList (in: lpAttributeList=0x573148 | out: lpAttributeList=0x573148) [0227.384] GetProcessHeap () returned 0x560000 [0227.384] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573148) returned 1 [0227.384] GetLastError () returned 0x0 [0227.384] CloseHandle (hObject=0x13c) returned 1 [0227.385] CloseHandle (hObject=0x144) returned 1 [0227.385] ??_V@YAXPAX@Z () returned 0x1 [0227.385] ??_V@YAXPAX@Z () returned 0x1 [0227.385] ??_V@YAXPAX@Z () returned 0x1 [0227.386] ??_V@YAXPAX@Z () returned 0x1 [0227.386] ??_V@YAXPAX@Z () returned 0x1 [0227.387] ??_V@YAXPAX@Z () returned 0x1 [0227.387] ??_V@YAXPAX@Z () returned 0x1 [0227.388] ??_V@YAXPAX@Z () returned 0x1 [0227.390] ??_V@YAXPAX@Z () returned 0x1 [0227.391] _get_osfhandle (_FileHandle=1) returned 0x98 [0227.391] SetConsoleMode (hConsoleHandle=0x98, dwMode=0x7) returned 1 [0227.496] _get_osfhandle (_FileHandle=1) returned 0x98 [0227.496] GetConsoleMode (in: hConsoleHandle=0x98, lpMode=0xe915ac | out: lpMode=0xe915ac) returned 1 [0227.727] _get_osfhandle (_FileHandle=0) returned 0x94 [0227.727] GetConsoleMode (in: hConsoleHandle=0x94, lpMode=0xe915b0 | out: lpMode=0xe915b0) returned 1 [0227.878] SetConsoleInputExeNameW () returned 0x1 [0227.878] GetConsoleOutputCP () returned 0x1b5 [0227.999] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9b9f0 | out: lpCPInfo=0xe9b9f0) returned 1 [0228.000] SetThreadUILanguage (LangId=0x0) returned 0x300409 [0228.097] ??_V@YAXPAX@Z () returned 0x1 [0228.099] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\1.bat" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\1.bat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x19f2e8, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0228.099] _open_osfhandle (_OSFileHandle=0x144, _Flags=8) returned 3 [0228.099] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.099] SetFilePointer (in: hFile=0x144, lDistanceToMove=35, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0228.099] GetProcessHeap () returned 0x560000 [0228.100] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x574220) returned 1 [0228.100] GetProcessHeap () returned 0x560000 [0228.101] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573fc8) returned 1 [0228.101] GetProcessHeap () returned 0x560000 [0228.102] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573d78) returned 1 [0228.102] GetProcessHeap () returned 0x560000 [0228.103] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0228.103] GetProcessHeap () returned 0x560000 [0228.104] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x571cd8) returned 1 [0228.104] GetProcessHeap () returned 0x560000 [0228.104] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573910) returned 1 [0228.104] GetProcessHeap () returned 0x560000 [0228.105] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573260) returned 1 [0228.105] GetProcessHeap () returned 0x560000 [0228.105] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x573c98) returned 1 [0228.105] GetProcessHeap () returned 0x560000 [0228.105] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x5738b0) returned 1 [0228.106] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.106] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0228.106] ReadFile (in: hFile=0x144, lpBuffer=0xe997f0, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f2ac, lpOverlapped=0x0 | out: lpBuffer=0xe997f0*, lpNumberOfBytesRead=0x19f2ac*=0x0, lpOverlapped=0x0) returned 1 [0228.106] GetLastError () returned 0x0 [0228.106] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.106] GetFileType (hFile=0x144) returned 0x1 [0228.107] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.107] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0228.107] GetProcessHeap () returned 0x560000 [0228.107] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x58dc20 [0228.107] GetProcessHeap () returned 0x560000 [0228.108] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0228.108] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.108] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0228.108] ReadFile (in: hFile=0x144, lpBuffer=0xe997f0, nNumberOfBytesToRead=0x1fff, lpNumberOfBytesRead=0x19f2ac, lpOverlapped=0x0 | out: lpBuffer=0xe997f0*, lpNumberOfBytesRead=0x19f2ac*=0x0, lpOverlapped=0x0) returned 1 [0228.108] GetLastError () returned 0x0 [0228.109] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.109] GetFileType (hFile=0x144) returned 0x1 [0228.109] _get_osfhandle (_FileHandle=3) returned 0x144 [0228.109] SetFilePointer (in: hFile=0x144, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x23 [0228.109] GetProcessHeap () returned 0x560000 [0228.109] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x400a) returned 0x58dc20 [0228.109] GetProcessHeap () returned 0x560000 [0228.110] RtlFreeHeap (HeapHandle=0x560000, Flags=0x0, BaseAddress=0x58dc20) returned 1 [0228.110] longjmp () [0228.110] _tell (_FileHandle=3) returned 35 [0228.110] _close (_FileHandle=3) returned 0 [0228.518] CmdBatNotificationStub () returned 0x1 [0228.518] ??_V@YAXPAX@Z () returned 0x1 [0228.520] ??_V@YAXPAX@Z () returned 0x1 [0228.520] _get_osfhandle (_FileHandle=1) returned 0x98 [0228.520] SetConsoleMode (hConsoleHandle=0x98, dwMode=0x7) returned 1 [0228.626] _get_osfhandle (_FileHandle=1) returned 0x98 [0228.627] GetConsoleMode (in: hConsoleHandle=0x98, lpMode=0xe915ac | out: lpMode=0xe915ac) returned 1 [0228.752] _get_osfhandle (_FileHandle=0) returned 0x94 [0228.752] GetConsoleMode (in: hConsoleHandle=0x94, lpMode=0xe915b0 | out: lpMode=0xe915b0) returned 1 [0228.842] SetConsoleInputExeNameW () returned 0x1 [0228.842] GetConsoleOutputCP () returned 0x1b5 [0228.912] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe9b9f0 | out: lpCPInfo=0xe9b9f0) returned 1 [0228.912] SetThreadUILanguage (LangId=0x0) returned 0x300409 [0228.919] exit (_Code=0) [0228.919] ??_V@YAXPAX@Z () returned 0x1 Thread: id = 102 os_tid = 0x1410 Process: id = "7" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x507d9000" os_pid = "0x1774" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x1758" cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\Windows" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1509 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1510 start_va = 0x30000 end_va = 0x4cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1511 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1512 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1513 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1514 start_va = 0x7ff5fffc0000 end_va = 0x7ff5fffc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffc0000" filename = "" Region: id = 1515 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 1516 start_va = 0x7ff722270000 end_va = 0x7ff722344fff monitored = 0 entry_point = 0x7ff72228e520 region_type = mapped_file name = "conhost.exe" filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe") Region: id = 1517 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1518 start_va = 0x7ff5fdfb0000 end_va = 0x7ff5fffb0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5fdfb0000" filename = "" Region: id = 1519 start_va = 0x7ff4fdf90000 end_va = 0x7ff5fdfaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff4fdf90000" filename = "" Region: id = 1520 start_va = 0x400000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1521 start_va = 0x7fffcb440000 end_va = 0x7fffcb4fcfff monitored = 0 entry_point = 0x7fffcb457070 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1522 start_va = 0x7fffca790000 end_va = 0x7fffcaa56fff monitored = 0 entry_point = 0x7fffca7a1bd0 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1523 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1524 start_va = 0x7ff4fde90000 end_va = 0x7ff4fdf8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff4fde90000" filename = "" Region: id = 1525 start_va = 0xd0000 end_va = 0x198fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1526 start_va = 0x7fffca560000 end_va = 0x7fffca5fcfff monitored = 0 entry_point = 0x7fffca575390 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1527 start_va = 0x7fffca270000 end_va = 0x7fffca36ffff monitored = 0 entry_point = 0x7fffca285ac0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1528 start_va = 0x400000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1529 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1530 start_va = 0x7fffcad80000 end_va = 0x7fffcae2dfff monitored = 0 entry_point = 0x7fffcadbb940 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1531 start_va = 0x7fffcb560000 end_va = 0x7fffcb5fdfff monitored = 0 entry_point = 0x7fffcb567850 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1532 start_va = 0x7fffcbb90000 end_va = 0x7fffcbee3fff monitored = 0 entry_point = 0x7fffcbc81d00 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1533 start_va = 0x7fffcc830000 end_va = 0x7fffcc952fff monitored = 0 entry_point = 0x7fffcc88da30 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1534 start_va = 0x7fffcb600000 end_va = 0x7fffcb6a9fff monitored = 0 entry_point = 0x7fffcb615470 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1535 start_va = 0x7fffcb2a0000 end_va = 0x7fffcb33afff monitored = 0 entry_point = 0x7fffcb2bc3e0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1536 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1537 start_va = 0x620000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1538 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 1539 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1540 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 1541 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1542 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1543 start_va = 0x7fffcb7a0000 end_va = 0x7fffcb93ffff monitored = 0 entry_point = 0x7fffcb7b7a10 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1544 start_va = 0x7fffca760000 end_va = 0x7fffca781fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\system32\\win32u.dll") Region: id = 1545 start_va = 0x7fffcc960000 end_va = 0x7fffcc989fff monitored = 0 entry_point = 0x7fffcc9648d0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1546 start_va = 0x7fffca370000 end_va = 0x7fffca479fff monitored = 0 entry_point = 0x7fffca3a1300 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\system32\\gdi32full.dll") Region: id = 1547 start_va = 0x1e0000 end_va = 0x1e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1548 start_va = 0x620000 end_va = 0x64dfff monitored = 0 entry_point = 0x6214d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1549 start_va = 0x6d0000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 1550 start_va = 0x6e0000 end_va = 0x8dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 1551 start_va = 0x7fffcb940000 end_va = 0x7fffcb96ffff monitored = 0 entry_point = 0x7fffcb9414d0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 1552 start_va = 0x8e0000 end_va = 0xa60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1553 start_va = 0xa70000 end_va = 0x1e70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1554 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "conhost.exe.mui" filename = "\\Windows\\System32\\en-US\\Conhost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\conhost.exe.mui") Region: id = 1555 start_va = 0x7fffcc090000 end_va = 0x7fffcc7c0fff monitored = 0 entry_point = 0x7fffcc19e6e0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1556 start_va = 0x7fffc7c60000 end_va = 0x7fffc7cfefff monitored = 0 entry_point = 0x7fffc7c89120 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 1557 start_va = 0x1e80000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1558 start_va = 0x2000000 end_va = 0x2337fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1559 start_va = 0x620000 end_va = 0x686fff monitored = 1 entry_point = 0x638f60 region_type = mapped_file name = "cmd.exe" filename = "\\Windows\\System32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe") Region: id = 1560 start_va = 0x690000 end_va = 0x6b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cmd.exe.mui" filename = "\\Windows\\System32\\en-US\\cmd.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\cmd.exe.mui") Region: id = 1561 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1562 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1563 start_va = 0x1e80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1564 start_va = 0x1ff0000 end_va = 0x1ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ff0000" filename = "" Region: id = 1565 start_va = 0x2340000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 1566 start_va = 0x2540000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002540000" filename = "" Region: id = 1567 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1568 start_va = 0x620000 end_va = 0x69ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000620000" filename = "" Region: id = 1569 start_va = 0x6a0000 end_va = 0x6a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 1570 start_va = 0x7fffcaa90000 end_va = 0x7fffcaba4fff monitored = 0 entry_point = 0x7fffcaaceb60 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 1571 start_va = 0x7fffcb350000 end_va = 0x7fffcb424fff monitored = 0 entry_point = 0x7fffcb36d190 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1572 start_va = 0x2940000 end_va = 0x2a67fff monitored = 0 entry_point = 0x2966140 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1573 start_va = 0x6b0000 end_va = 0x6b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1574 start_va = 0x2940000 end_va = 0x2a21fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002940000" filename = "" Region: id = 1575 start_va = 0x6b0000 end_va = 0x6b3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006b0000" filename = "" Region: id = 1577 start_va = 0x2a30000 end_va = 0x2c28fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002a30000" filename = "" Region: id = 1578 start_va = 0x6c0000 end_va = 0x6c4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1579 start_va = 0x1f80000 end_va = 0x1f86fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1580 start_va = 0x1f90000 end_va = 0x1f90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001f90000" filename = "" Region: id = 1581 start_va = 0x2c30000 end_va = 0x3121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002c30000" filename = "" Region: id = 1582 start_va = 0x3130000 end_va = 0x438ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1583 start_va = 0x7fffc0700000 end_va = 0x7fffc07adfff monitored = 0 entry_point = 0x7fffc074b570 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\System32\\TextShaping.dll" (normalized: "c:\\windows\\system32\\textshaping.dll") Region: id = 1584 start_va = 0x1fa0000 end_va = 0x1fa1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fa0000" filename = "" Region: id = 1585 start_va = 0x7fffb7b90000 end_va = 0x7fffb7e29fff monitored = 0 entry_point = 0x7fffb7c296c0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_b555e41d4684ddec\\comctl32.dll") Region: id = 1586 start_va = 0x1fb0000 end_va = 0x1fb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1587 start_va = 0x1fc0000 end_va = 0x1fc1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fc0000" filename = "" Region: id = 1588 start_va = 0x7fffc8010000 end_va = 0x7fffc803dfff monitored = 0 entry_point = 0x7fffc80142d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll") Region: id = 1589 start_va = 0x4390000 end_va = 0x44d4fff monitored = 0 entry_point = 0x43ea9b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 1590 start_va = 0x7fffc8120000 end_va = 0x7fffc8132fff monitored = 0 entry_point = 0x7fffc8123f60 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1591 start_va = 0x7fffca480000 end_va = 0x7fffca4fefff monitored = 0 entry_point = 0x7fffca4b73e0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1592 start_va = 0x1fb0000 end_va = 0x1fb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 1593 start_va = 0x7fffc2e90000 end_va = 0x7fffc2f8bfff monitored = 0 entry_point = 0x7fffc2ecae50 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\System32\\TextInputFramework.dll" (normalized: "c:\\windows\\system32\\textinputframework.dll") Region: id = 1594 start_va = 0x7fffc7600000 end_va = 0x7fffc7959fff monitored = 0 entry_point = 0x7fffc7682d50 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll") Region: id = 1595 start_va = 0x7fffc7960000 end_va = 0x7fffc7a51fff monitored = 0 entry_point = 0x7fffc79b70f0 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll") Region: id = 1596 start_va = 0x7fffcc020000 end_va = 0x7fffcc08afff monitored = 0 entry_point = 0x7fffcc034300 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1597 start_va = 0x7fffc9000000 end_va = 0x7fffc9032fff monitored = 0 entry_point = 0x7fffc9006930 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1598 start_va = 0x7fffc6f30000 end_va = 0x7fffc7085fff monitored = 0 entry_point = 0x7fffc6f5b240 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1599 start_va = 0x4390000 end_va = 0x448ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004390000" filename = "" Region: id = 1600 start_va = 0x1fb0000 end_va = 0x1fb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fb0000" filename = "" Region: id = 1601 start_va = 0x7fffcbae0000 end_va = 0x7fffcbb87fff monitored = 0 entry_point = 0x7fffcbafd990 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1602 start_va = 0x1fd0000 end_va = 0x1fd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001fd0000" filename = "" Region: id = 1668 start_va = 0x4490000 end_va = 0x450ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004490000" filename = "" Thread: id = 95 os_tid = 0x1780 Thread: id = 96 os_tid = 0x178c Thread: id = 97 os_tid = 0x1790 Thread: id = 98 os_tid = 0x179c Thread: id = 99 os_tid = 0x17b0 Thread: id = 104 os_tid = 0x17ec Process: id = "8" image_name = "work.exe" filename = "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe" page_root = "0x37dad000" os_pid = "0xd60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x1758" cmd_line = "work.exe -priverdD" cur_dir = "C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1628 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1629 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1630 start_va = 0x40000 end_va = 0x5cfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1631 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1632 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1633 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1634 start_va = 0xea0000 end_va = 0xf17fff monitored = 1 entry_point = 0xec0790 region_type = mapped_file name = "work.exe" filename = "\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe") Region: id = 1635 start_va = 0x77d40000 end_va = 0x77ee1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1636 start_va = 0x7ffa0000 end_va = 0x7ffa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffa0000" filename = "" Region: id = 1637 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1638 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1639 start_va = 0x7fff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1640 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1643 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1644 start_va = 0x1b0000 end_va = 0x1b2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1645 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1646 start_va = 0x7ff90000 end_va = 0x7ff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff90000" filename = "" Region: id = 1647 start_va = 0x7ff70000 end_va = 0x7ff80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff70000" filename = "" Region: id = 1648 start_va = 0x400000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1649 start_va = 0x7fffcc7d0000 end_va = 0x7fffcc828fff monitored = 0 entry_point = 0x7fffcc7e8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1650 start_va = 0x7fffcba50000 end_va = 0x7fffcbad2fff monitored = 0 entry_point = 0x7fffcba5fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1651 start_va = 0x77d30000 end_va = 0x77d39fff monitored = 0 entry_point = 0x77d312e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1652 start_va = 0x7ff60000 end_va = 0x7ff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff60000" filename = "" Region: id = 1653 start_va = 0x7ff50000 end_va = 0x7ff58fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ff50000" filename = "" Region: id = 1654 start_va = 0x400000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1655 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 1656 start_va = 0x75ce0000 end_va = 0x75dcffff monitored = 0 entry_point = 0x75cff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1657 start_va = 0x77580000 end_va = 0x77792fff monitored = 0 entry_point = 0x77694030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1658 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1659 start_va = 0x7fe50000 end_va = 0x7ff4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007fe50000" filename = "" Region: id = 1660 start_va = 0x520000 end_va = 0x5e8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1661 start_va = 0x76ca0000 end_va = 0x76d3afff monitored = 0 entry_point = 0x76cd5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1662 start_va = 0x76740000 end_va = 0x767bafff monitored = 0 entry_point = 0x76757800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 1663 start_va = 0x77380000 end_va = 0x7749ffff monitored = 0 entry_point = 0x773ab170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1664 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1665 start_va = 0x630000 end_va = 0x72ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1666 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1667 start_va = 0x75c20000 end_va = 0x75cd9fff monitored = 0 entry_point = 0x75c5a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1669 start_va = 0x69640000 end_va = 0x697a6fff monitored = 0 entry_point = 0x696b7d30 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_429bd5ce8a90e9c8\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.207_none_429bd5ce8a90e9c8\\gdiplus.dll") Region: id = 1670 start_va = 0x77ad0000 end_va = 0x77b8efff monitored = 0 entry_point = 0x77b05ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1671 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1672 start_va = 0x769d0000 end_va = 0x76b63fff monitored = 0 entry_point = 0x76a09860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1673 start_va = 0x77ab0000 end_va = 0x77ac7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 1674 start_va = 0x767c0000 end_va = 0x767e2fff monitored = 0 entry_point = 0x767c73c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1675 start_va = 0x774a0000 end_va = 0x7757afff monitored = 0 entry_point = 0x774ffc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 1676 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1677 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 1678 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1679 start_va = 0x730000 end_va = 0x811fff monitored = 0 entry_point = 0x75c600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1680 start_va = 0x730000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1681 start_va = 0x1f0000 end_va = 0x1f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1682 start_va = 0x730000 end_va = 0x752fff monitored = 0 entry_point = 0x734410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1683 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1684 start_va = 0x840000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1685 start_va = 0x75ec0000 end_va = 0x75ee4fff monitored = 0 entry_point = 0x75ec4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1686 start_va = 0xa40000 end_va = 0xbc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a40000" filename = "" Region: id = 1687 start_va = 0xf20000 end_va = 0x2320fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000f20000" filename = "" Region: id = 1688 start_va = 0x752b0000 end_va = 0x752b7fff monitored = 0 entry_point = 0x752b1800 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1689 start_va = 0x2330000 end_va = 0x2667fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1690 start_va = 0x69630000 end_va = 0x6963efff monitored = 0 entry_point = 0x69635d70 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\SysWOW64\\sfc_os.dll" (normalized: "c:\\windows\\syswow64\\sfc_os.dll") Region: id = 1691 start_va = 0x73c00000 end_va = 0x73c20fff monitored = 0 entry_point = 0x73c0ca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1692 start_va = 0x716e0000 end_va = 0x7170efff monitored = 0 entry_point = 0x716ebb00 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1693 start_va = 0x76070000 end_va = 0x76088fff monitored = 0 entry_point = 0x760793e0 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1694 start_va = 0x74e80000 end_va = 0x74ef3fff monitored = 0 entry_point = 0x74eb7550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1695 start_va = 0x730000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000730000" filename = "" Region: id = 1696 start_va = 0x711a0000 end_va = 0x711c3fff monitored = 0 entry_point = 0x711a53d0 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1698 start_va = 0x73b90000 end_va = 0x73b99fff monitored = 0 entry_point = 0x73b92a60 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1699 start_va = 0x695b0000 end_va = 0x69629fff monitored = 0 entry_point = 0x69616d10 region_type = mapped_file name = "riched20.dll" filename = "\\Windows\\SysWOW64\\riched20.dll" (normalized: "c:\\windows\\syswow64\\riched20.dll") Region: id = 1700 start_va = 0x75ff0000 end_va = 0x76068fff monitored = 0 entry_point = 0x76001a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1701 start_va = 0x76c20000 end_va = 0x76c94fff monitored = 0 entry_point = 0x76c3f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1702 start_va = 0x69590000 end_va = 0x695a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1703 start_va = 0x69550000 end_va = 0x69580fff monitored = 0 entry_point = 0x69560ef0 region_type = mapped_file name = "msls31.dll" filename = "\\Windows\\SysWOW64\\msls31.dll" (normalized: "c:\\windows\\syswow64\\msls31.dll") Region: id = 1704 start_va = 0x77290000 end_va = 0x77372fff monitored = 0 entry_point = 0x772bc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1705 start_va = 0x758f0000 end_va = 0x758fefff monitored = 0 entry_point = 0x758f4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1706 start_va = 0x77230000 end_va = 0x7728bfff monitored = 0 entry_point = 0x77260900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1707 start_va = 0x74f60000 end_va = 0x7516ffff monitored = 0 entry_point = 0x74fe4d70 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1_none_fd031af45b0106f2\\comctl32.dll") Region: id = 1708 start_va = 0x500000 end_va = 0x500fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1709 start_va = 0x730000 end_va = 0x731fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000730000" filename = "" Region: id = 1710 start_va = 0x810000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 1711 start_va = 0xbd0000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1712 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 1713 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000740000" filename = "" Region: id = 1714 start_va = 0x750000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1715 start_va = 0xbd0000 end_va = 0xccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bd0000" filename = "" Region: id = 1716 start_va = 0xd00000 end_va = 0xd0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 1717 start_va = 0x76090000 end_va = 0x76636fff monitored = 0 entry_point = 0x76209e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1718 start_va = 0x77b90000 end_va = 0x77c8efff monitored = 0 entry_point = 0x77be54d0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1719 start_va = 0x71720000 end_va = 0x71727fff monitored = 0 entry_point = 0x71721dc0 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 1720 start_va = 0x75dd0000 end_va = 0x75ea1fff monitored = 0 entry_point = 0x75e1d9d0 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1721 start_va = 0x790000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1722 start_va = 0x76bd0000 end_va = 0x76c14fff monitored = 0 entry_point = 0x76be7870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1723 start_va = 0x76640000 end_va = 0x766c6fff monitored = 0 entry_point = 0x76682d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1724 start_va = 0x70270000 end_va = 0x703dffff monitored = 0 entry_point = 0x702f1390 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1725 start_va = 0xcd0000 end_va = 0xcebfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1726 start_va = 0xd10000 end_va = 0xd2bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d10000" filename = "" Region: id = 1727 start_va = 0xd30000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 1728 start_va = 0xd30000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d30000" filename = "" Region: id = 1729 start_va = 0xd40000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 1730 start_va = 0xd50000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 1731 start_va = 0x820000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1732 start_va = 0xcf0000 end_va = 0xcf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 1733 start_va = 0xd60000 end_va = 0xe41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d60000" filename = "" Region: id = 1734 start_va = 0xcf0000 end_va = 0xcf3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cf0000" filename = "" Region: id = 1735 start_va = 0xd10000 end_va = 0xd14fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1736 start_va = 0xd20000 end_va = 0xd23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 1737 start_va = 0x2670000 end_va = 0x2770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 1738 start_va = 0x2670000 end_va = 0x2b61fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002670000" filename = "" Region: id = 1739 start_va = 0xe50000 end_va = 0xe6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e50000" filename = "" Region: id = 1740 start_va = 0xe70000 end_va = 0xe70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e70000" filename = "" Region: id = 1741 start_va = 0x77c90000 end_va = 0x77d0dfff monitored = 0 entry_point = 0x77cfbd50 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1742 start_va = 0xe80000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e80000" filename = "" Region: id = 1743 start_va = 0xe90000 end_va = 0xe91fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 1744 start_va = 0x701e0000 end_va = 0x70261fff monitored = 0 entry_point = 0x701fb5b0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 1745 start_va = 0x2b70000 end_va = 0x2b76fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b70000" filename = "" Region: id = 1746 start_va = 0x2b80000 end_va = 0x3ddffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 1747 start_va = 0x70140000 end_va = 0x701d4fff monitored = 0 entry_point = 0x701cfe80 region_type = mapped_file name = "textshaping.dll" filename = "\\Windows\\SysWOW64\\TextShaping.dll" (normalized: "c:\\windows\\syswow64\\textshaping.dll") Region: id = 1748 start_va = 0x3de0000 end_va = 0x3feafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 1749 start_va = 0x3de0000 end_va = 0x3eeefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 1751 start_va = 0x3de0000 end_va = 0x3de0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003de0000" filename = "" Region: id = 1752 start_va = 0x70810000 end_va = 0x708c8fff monitored = 0 entry_point = 0x7084fcd0 region_type = mapped_file name = "textinputframework.dll" filename = "\\Windows\\SysWOW64\\TextInputFramework.dll" (normalized: "c:\\windows\\syswow64\\textinputframework.dll") Region: id = 1753 start_va = 0x70590000 end_va = 0x7080dfff monitored = 0 entry_point = 0x705ee8f0 region_type = mapped_file name = "coreuicomponents.dll" filename = "\\Windows\\SysWOW64\\CoreUIComponents.dll" (normalized: "c:\\windows\\syswow64\\coreuicomponents.dll") Region: id = 1754 start_va = 0x704f0000 end_va = 0x7058afff monitored = 0 entry_point = 0x70550d90 region_type = mapped_file name = "coremessaging.dll" filename = "\\Windows\\SysWOW64\\CoreMessaging.dll" (normalized: "c:\\windows\\syswow64\\coremessaging.dll") Region: id = 1755 start_va = 0x766d0000 end_va = 0x76732fff monitored = 0 entry_point = 0x766d4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1756 start_va = 0x704c0000 end_va = 0x704e8fff monitored = 0 entry_point = 0x704c7e90 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1757 start_va = 0x71ce0000 end_va = 0x71dbcfff monitored = 0 entry_point = 0x71d57530 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 1758 start_va = 0x3de0000 end_va = 0x3de3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003de0000" filename = "" Region: id = 1759 start_va = 0x3df0000 end_va = 0x3e00fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1760 start_va = 0x3e10000 end_va = 0x401cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 1761 start_va = 0x3e10000 end_va = 0x3f16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 1762 start_va = 0x3e10000 end_va = 0x3f14fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e10000" filename = "" Region: id = 1763 start_va = 0x3e10000 end_va = 0x3e10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003e10000" filename = "" Region: id = 1764 start_va = 0x733d0000 end_va = 0x739d2fff monitored = 0 entry_point = 0x735aae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1765 start_va = 0x733a0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x733a8580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 1766 start_va = 0x71e80000 end_va = 0x71f41fff monitored = 0 entry_point = 0x71ee09b0 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1767 start_va = 0x3e20000 end_va = 0x3e23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1768 start_va = 0x3e30000 end_va = 0x3e78fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000001.db") Region: id = 1769 start_va = 0x3e80000 end_va = 0x3e83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1770 start_va = 0x3e90000 end_va = 0x3f2bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1771 start_va = 0x3f30000 end_va = 0x3f3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1772 start_va = 0x3f40000 end_va = 0x3f43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1773 start_va = 0x3f50000 end_va = 0x3f63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000006.db") Region: id = 1774 start_va = 0x3f40000 end_va = 0x3f40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003f40000" filename = "" Region: id = 1775 start_va = 0x72f20000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72f2a250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1776 start_va = 0x3f70000 end_va = 0x3faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f70000" filename = "" Region: id = 1777 start_va = 0x3fb0000 end_va = 0x40affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003fb0000" filename = "" Region: id = 1778 start_va = 0x777a0000 end_va = 0x777dafff monitored = 0 entry_point = 0x777ad450 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1779 start_va = 0x71e60000 end_va = 0x71e7afff monitored = 0 entry_point = 0x71e647c0 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 1780 start_va = 0x40b0000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040b0000" filename = "" Region: id = 1781 start_va = 0x40f0000 end_va = 0x41effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000040f0000" filename = "" Region: id = 1782 start_va = 0x41f0000 end_va = 0x422ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041f0000" filename = "" Region: id = 1783 start_va = 0x4230000 end_va = 0x432ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004230000" filename = "" Region: id = 1784 start_va = 0x4330000 end_va = 0x436ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004330000" filename = "" Region: id = 1785 start_va = 0x4370000 end_va = 0x446ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004370000" filename = "" Region: id = 1786 start_va = 0x4470000 end_va = 0x4471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004470000" filename = "" Region: id = 1788 start_va = 0x4480000 end_va = 0x4480fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004480000" filename = "" Region: id = 1789 start_va = 0x4490000 end_va = 0x4490fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004490000" filename = "" Region: id = 1790 start_va = 0x71dc0000 end_va = 0x71e52fff monitored = 0 entry_point = 0x71e3cac0 region_type = mapped_file name = "windows.staterepositoryps.dll" filename = "\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll" (normalized: "c:\\windows\\syswow64\\windows.staterepositoryps.dll") Region: id = 1791 start_va = 0x739e0000 end_va = 0x73b87fff monitored = 0 entry_point = 0x73a61b70 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1792 start_va = 0x75950000 end_va = 0x75b79fff monitored = 0 entry_point = 0x75b094e0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1793 start_va = 0x4470000 end_va = 0x4470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004470000" filename = "" Region: id = 1794 start_va = 0x71c70000 end_va = 0x71cdffff monitored = 0 entry_point = 0x71cc7c50 region_type = mapped_file name = "appresolver.dll" filename = "\\Windows\\SysWOW64\\AppResolver.dll" (normalized: "c:\\windows\\syswow64\\appresolver.dll") Region: id = 1795 start_va = 0x71c20000 end_va = 0x71c67fff monitored = 0 entry_point = 0x71c3ea70 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 1796 start_va = 0x71c00000 end_va = 0x71c1efff monitored = 0 entry_point = 0x71c02200 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 1797 start_va = 0x75280000 end_va = 0x752a4fff monitored = 0 entry_point = 0x75288820 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1798 start_va = 0x71be0000 end_va = 0x71bfbfff monitored = 0 entry_point = 0x71be7970 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 1799 start_va = 0x44a0000 end_va = 0x44a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1800 start_va = 0x44b0000 end_va = 0x44c1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000001b.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.3.ver0x000000000000001b.db") Region: id = 1801 start_va = 0x44d0000 end_va = 0x44d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.3.db" filename = "\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.3.db" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\caches\\cversions.3.db") Region: id = 1802 start_va = 0x71ba0000 end_va = 0x71bdcfff monitored = 0 entry_point = 0x71bd0280 region_type = mapped_file name = "onecorecommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecorecommonproxystub.dll") Region: id = 1803 start_va = 0x71800000 end_va = 0x71b9cfff monitored = 0 entry_point = 0x71b179e0 region_type = mapped_file name = "onecoreuapcommonproxystub.dll" filename = "\\Windows\\SysWOW64\\OneCoreUAPCommonProxyStub.dll" (normalized: "c:\\windows\\syswow64\\onecoreuapcommonproxystub.dll") Region: id = 1804 start_va = 0x75b80000 end_va = 0x75c1efff monitored = 0 entry_point = 0x75bb85c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1805 start_va = 0x7fa70000 end_va = 0x7fe4cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1822 start_va = 0x70120000 end_va = 0x70130fff monitored = 0 entry_point = 0x701258f0 region_type = mapped_file name = "pcacli.dll" filename = "\\Windows\\SysWOW64\\pcacli.dll" (normalized: "c:\\windows\\syswow64\\pcacli.dll") Region: id = 1823 start_va = 0x70100000 end_va = 0x70118fff monitored = 0 entry_point = 0x70103540 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Thread: id = 106 os_tid = 0x11b0 [0228.412] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0228.413] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x19f518, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0228.683] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x19f794 | out: lpCharType=0x19f794) returned 1 [0228.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.683] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x19f4c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0228.683] LoadLibraryExW (lpLibFileName="?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0228.684] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpDestStr=0x19f2b8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0228.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchWideChar=256, lpMultiByteStr=0x19fc94, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", lpUsedDefaultChar=0x0) returned 256 [0228.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0228.684] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", cbMultiByte=256, lpWideCharStr=0x19f4e8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ") returned 256 [0228.684] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x0, cchDest=0, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=0x0) returned 256 [0228.684] LCMapStringEx (in: lpLocaleName=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿȈ", cchSrc=256, lpDestStr=0x19f2d8, cchDest=256, lpVersionInformation=0x0, lpReserved=0x0, lParam=0x0 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ") returned 256 [0228.684] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸȈ", cchWideChar=256, lpMultiByteStr=0x19fb94, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÄAw Ðþ\x19", lpUsedDefaultChar=0x0) returned 256 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x408e60 [0228.685] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xf04160, nSize=0x104 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe")) returned 0x35 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1f) returned 0x405558 [0228.685] RtlInitializeSListHead (in: ListHead=0xf03d68 | out: ListHead=0xf03d68) [0228.685] GetLastError () returned 0x0 [0228.685] SetLastError (dwErrCode=0x0) [0228.685] GetEnvironmentStringsW () returned 0x412750* [0228.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", cchWideChar=1778, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1778 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x6f2) returned 0x413540 [0228.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=C:=C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", cchWideChar=1778, lpMultiByteStr=0x413540, cbMultiByte=1778, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=C:=C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0", lpUsedDefaultChar=0x0) returned 1778 [0228.685] FreeEnvironmentStringsW (penv=0x412750) returned 1 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xb0) returned 0x404848 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1f) returned 0x405580 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2b) returned 0x40c828 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2c) returned 0x40c860 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x37) returned 0x4045e8 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3c) returned 0x412b68 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x31) returned 0x404b10 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x18) returned 0x404900 [0228.685] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x404628 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x32) returned 0x405300 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xd) returned 0x408548 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1a) returned 0x404b50 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2e) returned 0x40cb38 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x19) returned 0x405340 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x17) returned 0x4004c8 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x25) returned 0x4004e8 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xe) returned 0x408518 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xf6) returned 0x404388 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x3e) returned 0x412bf8 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1b) returned 0x404488 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1d) returned 0x400518 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x48) returned 0x405398 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x12) returned 0x4131e0 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x18) returned 0x4132c0 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1b) returned 0x4053e8 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x24) returned 0x413f08 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x29) returned 0x40c908 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1e) returned 0x414368 [0228.686] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xc) returned 0x408650 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x6b) returned 0x404950 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x17) returned 0x412fc0 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x38) returned 0x404688 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x36) returned 0x4046c8 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x8) returned 0x40bf30 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x21) returned 0x413f38 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0xf) returned 0x408668 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x16) returned 0x413300 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x2a) returned 0x40c7f0 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x29) returned 0x40cb70 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x16) returned 0x4130c0 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x25) returned 0x413c68 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x13) returned 0x412fa0 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x1f) returned 0x4140e8 [0228.687] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x12) returned 0x413240 [0228.688] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x413540 | out: hHeap=0x400000) returned 1 [0228.690] QueryPerformanceFrequency (in: lpFrequency=0x19ff10 | out: lpFrequency=0x19ff10*=100000000) returned 1 [0228.690] QueryPerformanceCounter (in: lpPerformanceCount=0x19ff08 | out: lpPerformanceCount=0x19ff08*=2719644301743) returned 1 [0228.690] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x8, Size=0x800) returned 0x413360 [0228.690] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0228.690] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xec0bb0) returned 0x0 [0228.691] GetCPInfo (in: CodePage=0x0, lpCPInfo=0x19fefc | out: lpCPInfo=0x19fefc) returned 1 [0228.698] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x414898 [0228.701] GetCurrentProcess () returned 0xffffffff [0228.701] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc | out: lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc) returned 1 [0228.701] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x414ca0 [0228.701] GetCurrentProcess () returned 0xffffffff [0228.701] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc | out: lpProcessAffinityMask=0x19fed0, lpSystemAffinityMask=0x19fecc) returned 1 [0228.702] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4150a8 [0228.702] GetStartupInfoW (in: lpStartupInfo=0x19fef0 | out: lpStartupInfo=0x19fef0*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0228.704] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0228.704] GetProcAddress (hModule=0x75ce0000, lpProcName="SetDllDirectoryW") returned 0x75d01f50 [0228.707] SetDllDirectoryW (lpPathName="") returned 1 [0228.707] GetProcAddress (hModule=0x75ce0000, lpProcName="SetDefaultDllDirectories") returned 0x7772f4f0 [0228.707] SetDefaultDllDirectories (DirectoryFlags=0x800) returned 1 [0228.707] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x194d6c, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe")) returned 0x35 [0228.707] GetVersionExW (in: lpVersionInformation=0x19493c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xeb1be5, dwMinorVersion=0x402e90, dwBuildNumber=0x9, dwPlatformId=0x0, szCSDVersion="睲㈰@䴈í붘@") | out: lpVersionInformation=0x19493c*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x4a61, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0228.707] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.708] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\version.dll") returned 0x752b0000 [0228.711] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="version.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0228.716] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.716] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\DXGIDebug.dll") returned 0x0 [0228.716] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\DXGIDebug.dll" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\dxgidebug.dll")) returned 0xffffffff [0228.716] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.716] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\sfc_os.dll") returned 0x69630000 [0228.721] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="sfc_os.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0228.721] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.721] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\SSPICLI.DLL") returned 0x73c00000 [0228.725] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="SSPICLI.DLL", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0228.725] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.726] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\rsaenh.dll") returned 0x716e0000 [0228.734] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="rsaenh.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0228.734] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.734] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\UXTheme.dll") returned 0x74e80000 [0228.743] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="UXTheme.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 3 [0228.743] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.743] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\dwmapi.dll") returned 0x711a0000 [0228.749] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="dwmapi.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0228.749] GetSystemDirectoryW (in: lpBuffer=0x193a4c, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.749] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\cryptbase.dll") returned 0x73b90000 [0228.808] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="cryptbase.dll", cchCount1=-1, lpString2="DXGIDebug.dll", cchCount2=-1) returned 1 [0228.808] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0xef1890 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 0x2c [0228.808] GetSystemDirectoryW (in: lpBuffer=0x19ee04, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.808] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\riched20.dll") returned 0x695b0000 [0228.831] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0228.831] GetProcAddress (hModule=0x75ce0000, lpProcName="AcquireSRWLockExclusive") returned 0x77d8a150 [0228.831] GetProcAddress (hModule=0x75ce0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77d8a2f0 [0228.831] VirtualQuery (in: lpAddress=0xf05000, lpBuffer=0x19fd64, dwLength=0x1c | out: lpBuffer=0x19fd64*(BaseAddress=0xf05000, AllocationBase=0xea0000, AllocationProtect=0x80, RegionSize=0x13000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0228.831] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0228.832] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x77290000 [0228.839] GetProcAddress (hModule=0x77290000, lpProcName="OleInitialize") returned 0x772b3740 [0228.840] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0228.840] OleInitialize (pvReserved=0x0) returned 0x0 [0228.950] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0228.951] LoadLibraryExA (lpLibFileName="COMCTL32.dll", hFile=0x0, dwFlags=0x0) returned 0x74f60000 [0228.965] GetProcAddress (hModule=0x74f60000, lpProcName="InitCommonControlsEx") returned 0x74fb2c50 [0228.965] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0228.965] InitCommonControlsEx (picce=0x19fe28) returned 1 [0228.969] GdiplusStartup (in: token=0x19fe30, input=0x19fe18, output=0x0 | out: token=0x19fe30, output=0x0) returned 0x0 [0228.976] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0228.976] LoadLibraryExA (lpLibFileName="SHELL32.dll", hFile=0x0, dwFlags=0x0) returned 0x76090000 [0228.985] GetProcAddress (hModule=0x76090000, lpProcName="SHGetMalloc") returned 0x76205f60 [0228.986] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0228.986] SHGetMalloc (in: ppMalloc=0xeea460 | out: ppMalloc=0xeea460*=0x77a1fec4) returned 0x0 [0228.989] GetCommandLineW () returned="work.exe -priverdD" [0228.989] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0228.990] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x0) returned 0x769d0000 [0228.990] GetProcAddress (hModule=0x769d0000, lpProcName="CharUpperW") returned 0x76a0c8c0 [0228.990] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19ddb4 | out: lpflOldProtect=0x19ddb4*=0x4) returned 1 [0228.990] GetSystemDirectoryW (in: lpBuffer=0x19cdc8, uSize=0x800 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0228.991] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\Crypt32.dll") returned 0x77b90000 [0228.997] GetProcAddress (hModule=0x77b90000, lpProcName="CryptProtectMemory") returned 0x71721d60 [0229.120] GetProcAddress (hModule=0x77b90000, lpProcName="CryptUnprotectMemory") returned 0x71721d90 [0229.120] CryptProtectMemory (in: pDataIn=0x414898, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x414898) returned 1 [0229.121] SetEnvironmentVariableW (lpName="sfxcmd", lpValue="work.exe -priverdD") returned 1 [0229.121] SetEnvironmentVariableW (lpName="sfxpar", lpValue="-priverdD") returned 1 [0229.121] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xf00cc0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe")) returned 0x35 [0229.121] SetEnvironmentVariableW (lpName="sfxname", lpValue="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe") returned 1 [0229.121] GetLocalTime (in: lpSystemTime=0x19fe4c | out: lpSystemTime=0x19fe4c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0xc, wMilliseconds=0x3b3)) [0229.121] GetLastError () returned 0x0 [0229.121] SetLastError (dwErrCode=0x0) [0229.121] SetEnvironmentVariableW (lpName="sfxstime", lpValue="2024-04-06-11-40-12-947") returned 1 [0229.122] GetModuleHandleW (lpModuleName=0x0) returned 0xea0000 [0229.122] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.122] GetProcAddress (hModule=0x769d0000, lpProcName="LoadIconW") returned 0x76a0d0d0 [0229.122] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdcc | out: lpflOldProtect=0x19fdcc*=0x4) returned 1 [0229.123] LoadIconW (hInstance=0xea0000, lpIconName=0x64) returned 0x4037b [0229.312] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.312] GetProcAddress (hModule=0x769d0000, lpProcName="LoadBitmapW") returned 0x769f8430 [0229.312] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda4 | out: lpflOldProtect=0x19fda4*=0x4) returned 1 [0229.312] LoadBitmapW (hInstance=0xea0000, lpBitmapName=0x65) returned 0x0 [0229.312] FindResourceW (hModule=0xea0000, lpName=0x65, lpType="PNG") returned 0xf06400 [0229.312] SizeofResource (hModule=0xea0000, hResInfo=0xf06400) returned 0xb45 [0229.313] LoadResource (hModule=0xea0000, hResInfo=0xf06400) returned 0xf06644 [0229.313] LockResource (hResData=0xf06644) returned 0xf06644 [0229.313] GlobalLock (hMem=0x790004) returned 0x423bd0 [0229.313] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.320] GetProcAddress (hModule=0x77290000, lpProcName="CreateStreamOnHGlobal") returned 0x7786c4d0 [0229.320] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd80 | out: lpflOldProtect=0x19fd80*=0x4) returned 1 [0229.321] CreateStreamOnHGlobal (in: hGlobal=0x790004, fDeleteOnRelease=0, ppstm=0x19fe04 | out: ppstm=0x19fe04*=0x421f38) returned 0x0 [0229.321] GdipAlloc (size=0x10) returned 0xd012b0 [0229.321] GdipCreateBitmapFromStream (stream=0x421f38, bitmap=0x19fdcc) returned 0x0 [0229.350] IUnknown:Release (This=0x421f38) returned 0x2 [0229.350] GdipCreateHBITMAPFromBitmap (bitmap=0xd012c8, hbmReturn=0x19fe08, background=0xffffff) returned 0x0 [0229.360] GdipDisposeImage (image=0xd012c8) returned 0x0 [0229.414] GdipFree (ptr=0xd012b0) [0229.414] GlobalUnlock (hMem=0x790004) returned 0 [0229.415] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.415] LoadLibraryExA (lpLibFileName="GDI32.dll", hFile=0x0, dwFlags=0x0) returned 0x767c0000 [0229.416] GetProcAddress (hModule=0x767c0000, lpProcName="GetObjectW") returned 0x767c6ca0 [0229.458] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fda0 | out: lpflOldProtect=0x19fda0*=0x4) returned 1 [0229.458] GetObjectW (in: h=0x6f0508b1, c=24, pv=0x19fe1c | out: pv=0x19fe1c) returned 24 [0229.458] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.459] GetProcAddress (hModule=0x769d0000, lpProcName="GetDC") returned 0x76a0b780 [0229.459] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd94 | out: lpflOldProtect=0x19fd94*=0x4) returned 1 [0229.459] GetDC (hWnd=0x0) returned 0x120108c2 [0229.466] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.467] GetProcAddress (hModule=0x767c0000, lpProcName="GetDeviceCaps") returned 0x767c5f10 [0229.467] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd90 | out: lpflOldProtect=0x19fd90*=0x4) returned 1 [0229.468] GetDeviceCaps (hdc=0x120108c2, index=88) returned 96 [0229.468] GetDeviceCaps (hdc=0x120108c2, index=90) returned 96 [0229.468] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.469] GetProcAddress (hModule=0x769d0000, lpProcName="ReleaseDC") returned 0x76a0b120 [0229.469] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fd90 | out: lpflOldProtect=0x19fd90*=0x4) returned 1 [0229.469] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0229.472] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x248 [0229.472] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x422930 [0229.472] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x80) returned 0x423bd0 [0229.472] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x422930, Size=0x120) returned 0x423c58 [0229.472] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x423bd0, Size=0x120) returned 0x423d80 [0229.473] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x423c58, Size=0x1e8) returned 0x423ea8 [0229.473] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x423d80, Size=0x1e8) returned 0x424098 [0229.473] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x0 [0229.473] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=8176, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1ff0 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1ff0 [0229.474] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=16352, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3fe0 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3fe0 [0229.474] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=24528, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x5fd0 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x5fd0 [0229.474] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=32704, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x7fc0 [0229.474] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x7fc0 [0229.475] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=40880, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x9fb0 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x9fb0 [0229.475] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=49056, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xbfa0 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xbfa0 [0229.475] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=57232, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xdf90 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xdf90 [0229.475] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=65408, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0xff80 [0229.475] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0xff80 [0229.476] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=73584, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x11f70 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x11f70 [0229.476] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=81760, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x13f60 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x13f60 [0229.476] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=89936, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x15f50 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x15f50 [0229.476] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=98112, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x17f40 [0229.476] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x17f40 [0229.477] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=106288, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x19f30 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x19f30 [0229.477] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=114464, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1bf20 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1bf20 [0229.477] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=122640, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1df10 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1df10 [0229.477] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=130816, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x1ff00 [0229.477] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x1ff00 [0229.478] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=138992, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x21ef0 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x21ef0 [0229.478] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=147168, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x23ee0 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x23ee0 [0229.478] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=155344, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x25ed0 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x25ed0 [0229.478] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.478] SetFilePointer (in: hFile=0x248, lDistanceToMove=163520, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x27ec0 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x27ec0 [0229.479] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=171696, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x29eb0 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x29eb0 [0229.479] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=179872, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2bea0 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2bea0 [0229.479] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=188048, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2de90 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2de90 [0229.479] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.479] SetFilePointer (in: hFile=0x248, lDistanceToMove=196224, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x2fe80 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x2fe80 [0229.480] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=204400, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x31e70 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x31e70 [0229.480] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=212576, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x33e60 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x33e60 [0229.480] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=220752, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x35e50 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x35e50 [0229.480] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.480] SetFilePointer (in: hFile=0x248, lDistanceToMove=228928, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x37e40 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x37e40 [0229.481] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=237104, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x39e30 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x39e30 [0229.481] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=245280, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3be20 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3be20 [0229.481] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=253456, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3de10 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3de10 [0229.481] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.481] SetFilePointer (in: hFile=0x248, lDistanceToMove=261632, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x3fe00 [0229.482] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x3fe00 [0229.482] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.482] SetFilePointer (in: hFile=0x248, lDistanceToMove=269808, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x41df0 [0229.482] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x41df0 [0229.483] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=277984, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x43de0 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x43de0 [0229.483] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=286160, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x45dd0 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x45dd0 [0229.483] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=294336, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x47dc0 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x47dc0 [0229.483] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=302512, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x49db0 [0229.483] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x49db0 [0229.484] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=310688, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4bda0 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4bda0 [0229.484] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=318864, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4dd90 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4dd90 [0229.484] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=327040, lpDistanceToMoveHigh=0x19ab80*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x19ab80*=0) returned 0x4fd80 [0229.484] SetFilePointer (in: hFile=0x248, lDistanceToMove=0, lpDistanceToMoveHigh=0x19bba4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x19bba4*=0) returned 0x4fd80 [0229.484] ReadFile (in: hFile=0x248, lpBuffer=0x19dbfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x19bb70, lpOverlapped=0x0 | out: lpBuffer=0x19dbfc*, lpNumberOfBytesRead=0x19bb70*=0x2000, lpOverlapped=0x0) returned 1 [0229.484] CloseHandle (hObject=0x248) returned 1 [0229.485] GetModuleHandleW (lpModuleName=0x0) returned 0xea0000 [0229.485] FindResourceW (hModule=0xea0000, lpName="RTL", lpType=0x5) returned 0x0 [0229.485] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xc) returned 0x415e28 [0229.485] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xc) returned 0x415fc0 [0229.485] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.485] GetProcAddress (hModule=0x769d0000, lpProcName="DialogBoxParamW") returned 0x76a2b380 [0229.486] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19fdc0 | out: lpflOldProtect=0x19fdc0*=0x4) returned 1 [0229.486] DialogBoxParamW (hInstance=0xea0000, lpTemplateName="STARTDLG", hWndParent=0x0, lpDialogFunc=0xebc9d0, dwInitParam=0x0) [0229.685] GetLastError () returned 0x0 [0229.685] SetLastError (dwErrCode=0x0) [0229.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:", cchWideChar=-1, lpMultiByteStr=0x1907dc, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:", lpUsedDefaultChar=0x0) returned 11 [0229.685] GetLastError () returned 0x0 [0229.685] SetLastError (dwErrCode=0x0) [0229.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:SIZE", cchWideChar=-1, lpMultiByteStr=0x1902fc, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:SIZE", lpUsedDefaultChar=0x0) returned 15 [0229.686] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.686] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindowRect") returned 0x76a01b80 [0229.687] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0229.687] GetWindowRect (in: hWnd=0xb0064, lpRect=0x1907a8 | out: lpRect=0x1907a8) returned 1 [0229.687] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.687] GetProcAddress (hModule=0x769d0000, lpProcName="GetClientRect") returned 0x76a01e00 [0229.688] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0229.688] GetClientRect (in: hWnd=0xb0064, lpRect=0x1907cc | out: lpRect=0x1907cc) returned 1 [0229.688] GetLastError () returned 0x0 [0229.688] SetLastError (dwErrCode=0x0) [0229.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$STARTDLG:CAPTION", cchWideChar=-1, lpMultiByteStr=0x190714, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$STARTDLG:CAPTION", lpUsedDefaultChar=0x0) returned 18 [0229.688] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.688] GetProcAddress (hModule=0x769d0000, lpProcName="GetSystemMetrics") returned 0x76a01aa0 [0229.692] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190710 | out: lpflOldProtect=0x190710*=0x4) returned 1 [0229.692] GetSystemMetrics (nIndex=8) returned 3 [0229.692] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.693] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindow") returned 0x76a08b50 [0229.693] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x19070c | out: lpflOldProtect=0x19070c*=0x4) returned 1 [0229.693] GetWindow (hWnd=0xb0064, uCmd=0x5) returned 0xa007a [0229.693] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.694] GetProcAddress (hModule=0x769d0000, lpProcName="SendMessageW") returned 0x76a02680 [0229.694] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191088 | out: lpflOldProtect=0x191088*=0x4) returned 1 [0229.694] SendMessageW (hWnd=0xb0064, Msg=0x80, wParam=0x1, lParam=0x4037b) returned 0x0 [0229.699] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.699] GetProcAddress (hModule=0x769d0000, lpProcName="SendDlgItemMessageW") returned 0x76a078d0 [0229.699] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191084 | out: lpflOldProtect=0x191084*=0x4) returned 1 [0229.699] SendDlgItemMessageW (hDlg=0xb0064, nIDDlgItem=108, Msg=0x172, wParam=0x0, lParam=0x6f0508b1) returned 0x0 [0229.703] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.704] GetProcAddress (hModule=0x769d0000, lpProcName="GetDlgItem") returned 0x76a05e40 [0229.704] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191090 | out: lpflOldProtect=0x191090*=0x4) returned 1 [0229.705] GetDlgItem (hDlg=0xb0064, nIDDlgItem=104) returned 0x30286 [0229.705] SendMessageW (hWnd=0x30286, Msg=0x435, wParam=0x0, lParam=0x400000) returned 0x0 [0229.705] GetCurrentDirectoryW (in: nBufferLength=0x800, lpBuffer=0x19e544 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 0x2c [0229.705] GetDlgItem (hDlg=0xb0064, nIDDlgItem=102) returned 0x40254 [0229.705] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.705] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowTextW") returned 0x76a073a0 [0229.705] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191090 | out: lpflOldProtect=0x191090*=0x4) returned 1 [0229.706] SetWindowTextW (hWnd=0x40254, lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0") returned 1 [0229.706] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.706] GetProcAddress (hModule=0x769d0000, lpProcName="GetClassNameW") returned 0x76a0bdf0 [0229.706] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fdc | out: lpflOldProtect=0x190fdc*=0x4) returned 1 [0229.707] GetClassNameW (in: hWnd=0x40254, lpClassName=0x191054, nMaxCount=80 | out: lpClassName="ComboBox") returned 8 [0229.707] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="ComboBox", cchCount1=-1, lpString2="EDIT", cchCount2=-1) returned 1 [0229.707] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.707] GetProcAddress (hModule=0x769d0000, lpProcName="FindWindowExW") returned 0x769f7eb0 [0229.707] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fd4 | out: lpflOldProtect=0x190fd4*=0x4) returned 1 [0229.708] FindWindowExW (hWndParent=0x40254, hWndChildAfter=0x0, lpszClass="EDIT", lpszWindow=0x0) returned 0x30266 [0229.708] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0229.708] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x76bd0000 [0229.708] GetProcAddress (hModule=0x76bd0000, lpProcName="SHAutoComplete") returned 0x76bf54a0 [0229.708] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x190fe0 | out: lpflOldProtect=0x190fe0*=0x4) returned 1 [0229.709] SHAutoComplete (hwndEdit=0x30266, dwFlags=0x10) returned 0x0 [0230.329] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43b628 [0230.329] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43ba30 [0230.329] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43be38 [0230.329] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43c240 [0230.329] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43c648 [0230.332] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43ca50 [0230.332] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43ce58 [0230.332] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43d260 [0230.333] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x43d668 [0230.333] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43dfa0 [0230.333] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43e3a8 [0230.333] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x43e7b0 [0230.333] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x445398 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444378 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4457a0 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443358 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x441f30 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x445f10 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443760 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444780 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442338 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443b68 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442740 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444b88 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442b48 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444f90 [0230.334] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb3f0) returned 0x446848 [0230.335] GetCurrentProcess () returned 0xffffffff [0230.335] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c | out: lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c) returned 1 [0230.335] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442f50 [0230.335] GetCurrentProcess () returned 0xffffffff [0230.335] GetProcessAffinityMask (in: hProcess=0xffffffff, lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c | out: lpProcessAffinityMask=0x189c90, lpSystemAffinityMask=0x189c8c) returned 1 [0230.335] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x2c0 [0230.336] ReadFile (in: hFile=0x2c0, lpBuffer=0x18b7c8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7c8*, lpNumberOfBytesRead=0x189c9c*=0x7, lpOverlapped=0x0) returned 1 [0230.336] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x200000) returned 0x3de9020 [0230.337] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cd0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cd0*=0) returned 0x7 [0230.338] ReadFile (in: hFile=0x2c0, lpBuffer=0x3de9020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x3de9020*, lpNumberOfBytesRead=0x189c9c*=0x16bba8, lpOverlapped=0x0) returned 1 [0230.391] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327168, lpDistanceToMoveHigh=0x188cac*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cac*=0) returned 0x4fe00 [0230.392] ReadFile (in: hFile=0x2c0, lpBuffer=0x18b7c8, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7c8*, lpNumberOfBytesRead=0x189c9c*=0x7, lpOverlapped=0x0) returned 1 [0230.411] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x3de9020 | out: hHeap=0x400000) returned 1 [0230.445] ReadFile (in: hFile=0x2c0, lpBuffer=0x18b7cf, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x189c9c, lpOverlapped=0x0 | out: lpBuffer=0x18b7cf*, lpNumberOfBytesRead=0x189c9c*=0x1, lpOverlapped=0x0) returned 1 [0230.446] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x4fe08 [0230.446] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421f60 [0230.446] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x421f60*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0230.446] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f67, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x421f67*, lpNumberOfBytesRead=0x187b88*=0xa, lpOverlapped=0x0) returned 1 [0230.447] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421f60 | out: hHeap=0x400000) returned 1 [0230.447] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327193, lpDistanceToMoveHigh=0x188ca0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188ca0*=0) returned 0x4fe19 [0230.447] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cd0*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cd0*=0) returned 0x4fe19 [0230.447] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x4fe19 [0230.447] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421f60 [0230.447] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x421f60*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0230.447] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f67, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x421f67*, lpNumberOfBytesRead=0x187b88*=0x11, lpOverlapped=0x0) returned 1 [0230.448] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421f60 | out: hHeap=0x400000) returned 1 [0230.448] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327370, lpDistanceToMoveHigh=0x188ca0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188ca0*=0) returned 0x4feca [0230.448] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cc4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cc4*=0) returned 0x4feca [0230.448] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421f60 [0230.448] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x421f60*, lpNumberOfBytesRead=0x187b88*=0x7, lpOverlapped=0x0) returned 1 [0230.448] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x421f60, Size=0x60) returned 0x43ebb8 [0230.448] ReadFile (in: hFile=0x2c0, lpBuffer=0x43ebbf, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x187b88, lpOverlapped=0x0 | out: lpBuffer=0x43ebbf*, lpNumberOfBytesRead=0x187b88*=0x59, lpOverlapped=0x0) returned 1 [0230.449] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ebb8 | out: hHeap=0x400000) returned 1 [0230.449] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327193, lpDistanceToMoveHigh=0x188cac*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cac*=0) returned 0x4fe19 [0230.449] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189d10*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189d10*=0) returned 0x4fe19 [0230.449] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327193, lpDistanceToMoveHigh=0x188cd8*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cd8*=0) returned 0x4fe19 [0230.449] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=0, lpDistanceToMoveHigh=0x189cdc*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x189cdc*=0) returned 0x4fe19 [0230.450] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421f60 [0230.450] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x187ba0, lpOverlapped=0x0 | out: lpBuffer=0x421f60*, lpNumberOfBytesRead=0x187ba0*=0x7, lpOverlapped=0x0) returned 1 [0230.450] ReadFile (in: hFile=0x2c0, lpBuffer=0x421f67, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x187ba0, lpOverlapped=0x0 | out: lpBuffer=0x421f67*, lpNumberOfBytesRead=0x187ba0*=0x11, lpOverlapped=0x0) returned 1 [0230.450] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421f60 | out: hHeap=0x400000) returned 1 [0230.452] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x451c40 [0230.453] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x459c50 [0230.454] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x40000) returned 0x461c60 [0230.460] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x99) returned 0x43ebb8 [0230.460] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb54) returned 0x4a1c68 [0230.460] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x100000) returned 0x3ded020 [0230.461] ReadFile (in: hFile=0x2c0, lpBuffer=0x3ded020, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x17b534, lpOverlapped=0x0 | out: lpBuffer=0x3ded020*, lpNumberOfBytesRead=0x17b534*=0x99, lpOverlapped=0x0) returned 1 [0230.461] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.461] GetProcAddress (hModule=0x769d0000, lpProcName="PeekMessageW") returned 0x76a082a0 [0230.461] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4c4 | out: lpflOldProtect=0x17b4c4*=0x4) returned 1 [0230.462] PeekMessageW (in: lpMsg=0x17b544, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b544) returned 1 [0230.462] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.462] GetProcAddress (hModule=0x769d0000, lpProcName="GetMessageW") returned 0x76a08230 [0230.462] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4c8 | out: lpflOldProtect=0x17b4c8*=0x4) returned 1 [0230.463] GetMessageW (in: lpMsg=0x17b544, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x17b544) returned 1 [0230.463] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.463] GetProcAddress (hModule=0x769d0000, lpProcName="IsDialogMessageW") returned 0x76a06890 [0230.464] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4d0 | out: lpflOldProtect=0x17b4d0*=0x4) returned 1 [0230.464] IsDialogMessageW (hDlg=0xb0064, lpMsg=0x17b544) returned 1 [0230.466] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.467] PeekMessageW (in: lpMsg=0x17b554, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b554) returned 1 [0230.467] GetMessageW (in: lpMsg=0x17b554, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x17b554) returned 1 [0230.467] IsDialogMessageW (hDlg=0xb0064, lpMsg=0x17b554) returned 0 [0230.467] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.468] GetProcAddress (hModule=0x769d0000, lpProcName="TranslateMessage") returned 0x76a07060 [0230.468] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4e4 | out: lpflOldProtect=0x17b4e4*=0x4) returned 1 [0230.468] TranslateMessage (lpMsg=0x17b554) returned 0 [0230.468] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.468] GetProcAddress (hModule=0x769d0000, lpProcName="DispatchMessageW") returned 0x76a027f0 [0230.469] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x17b4e4 | out: lpflOldProtect=0x17b4e4*=0x4) returned 1 [0230.469] DispatchMessageW (lpMsg=0x17b554) returned 0x0 [0230.469] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.469] PeekMessageW (in: lpMsg=0x17b540, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x17b540) returned 0 [0230.469] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.481] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x3ded020 | out: hHeap=0x400000) returned 1 [0230.493] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x461c60 | out: hHeap=0x400000) returned 1 [0230.493] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x459c50 | out: hHeap=0x400000) returned 1 [0230.497] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x451c40 | out: hHeap=0x400000) returned 1 [0230.499] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x43ebb8, Size=0xdf) returned 0x43ebb8 [0230.499] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x134) returned 0x43eca0 [0230.500] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ebb8 | out: hHeap=0x400000) returned 1 [0230.500] SetFilePointer (in: hFile=0x2c0, lDistanceToMove=327193, lpDistanceToMoveHigh=0x188cec*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x188cec*=0) returned 0x4fe19 [0230.500] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xcc) returned 0x419678 [0230.500] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43eca0 | out: hHeap=0x400000) returned 1 [0230.501] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442f50 | out: hHeap=0x400000) returned 1 [0230.501] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x446848 | out: hHeap=0x400000) returned 1 [0230.505] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x441f30 | out: hHeap=0x400000) returned 1 [0230.505] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443358 | out: hHeap=0x400000) returned 1 [0230.505] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4457a0 | out: hHeap=0x400000) returned 1 [0230.506] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444378 | out: hHeap=0x400000) returned 1 [0230.506] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x445398 | out: hHeap=0x400000) returned 1 [0230.507] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43e7b0 | out: hHeap=0x400000) returned 1 [0230.507] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43e3a8 | out: hHeap=0x400000) returned 1 [0230.507] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43dfa0 | out: hHeap=0x400000) returned 1 [0230.508] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43d668 | out: hHeap=0x400000) returned 1 [0230.508] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444f90 | out: hHeap=0x400000) returned 1 [0230.509] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442b48 | out: hHeap=0x400000) returned 1 [0230.509] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444b88 | out: hHeap=0x400000) returned 1 [0230.509] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442740 | out: hHeap=0x400000) returned 1 [0230.510] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443b68 | out: hHeap=0x400000) returned 1 [0230.510] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442338 | out: hHeap=0x400000) returned 1 [0230.510] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444780 | out: hHeap=0x400000) returned 1 [0230.511] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443760 | out: hHeap=0x400000) returned 1 [0230.511] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x445f10 | out: hHeap=0x400000) returned 1 [0230.513] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4a1c68 | out: hHeap=0x400000) returned 1 [0230.514] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43d260 | out: hHeap=0x400000) returned 1 [0230.514] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ce58 | out: hHeap=0x400000) returned 1 [0230.515] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ca50 | out: hHeap=0x400000) returned 1 [0230.515] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43c648 | out: hHeap=0x400000) returned 1 [0230.515] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43c240 | out: hHeap=0x400000) returned 1 [0230.516] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43be38 | out: hHeap=0x400000) returned 1 [0230.516] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ba30 | out: hHeap=0x400000) returned 1 [0230.517] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43b628 | out: hHeap=0x400000) returned 1 [0230.519] CloseHandle (hObject=0x2c0) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.520] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.521] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x173830, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.521] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0230.522] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0230.523] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.523] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.524] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x173830, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.524] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0230.525] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.525] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.526] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x173830, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.526] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0230.527] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0230.527] GetTempPathW (in: nBufferLength=0x800, lpBuffer=0x189860 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0230.527] GetLastError () returned 0x0 [0230.527] SetLastError (dwErrCode=0x0) [0230.527] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0")) returned 0x10 [0230.527] GetLastError () returned 0x0 [0230.527] SetLastError (dwErrCode=0x0) [0230.527] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0xffffffff [0230.527] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0xffffffff [0230.527] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.528] GetProcAddress (hModule=0x769d0000, lpProcName="SetDlgItemTextW") returned 0x769f89d0 [0230.528] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1757d8 | out: lpflOldProtect=0x1757d8*=0x4) returned 1 [0230.528] SetDlgItemTextW (hDlg=0xb0064, nIDDlgItem=102, lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0230.542] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x173830, nSize=0x1000 | out: lpDst="1") returned 0x2 [0230.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.542] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0230.542] GetDlgItem (hDlg=0xb0064, nIDDlgItem=103) returned 0x30250 [0230.542] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.543] GetProcAddress (hModule=0x769d0000, lpProcName="EnableWindow") returned 0x76a0c9d0 [0230.543] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x191080 | out: lpflOldProtect=0x191080*=0x4) returned 1 [0230.543] EnableWindow (hWnd=0x30250, bEnable=0) returned 0 [0230.544] GetDlgItem (hDlg=0xb0064, nIDDlgItem=102) returned 0x40254 [0230.544] EnableWindow (hWnd=0x40254, bEnable=0) returned 0 [0230.546] SendMessageW (hWnd=0xb0064, Msg=0x111, wParam=0x1, lParam=0x0) [0230.547] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.547] GetProcAddress (hModule=0x769d0000, lpProcName="GetDlgItemTextW") returned 0x769f8200 [0230.547] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824d8 | out: lpflOldProtect=0x1824d8*=0x4) returned 1 [0230.547] GetDlgItemTextW (in: hDlg=0xb0064, nIDDlgItem=102, lpString=0x18e994, cchMax=2048 | out: lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 0x2c [0230.548] GetDlgItem (hDlg=0xb0064, nIDDlgItem=104) returned 0x30286 [0230.548] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0230.605] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0xed45f4) returned 0x0 [0230.606] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.606] GetProcAddress (hModule=0x769d0000, lpProcName="SetFocus") returned 0x76a0ef80 [0230.606] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824e4 | out: lpflOldProtect=0x1824e4*=0x4) returned 1 [0230.606] SetFocus (hWnd=0x30286) returned 0x0 [0230.754] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.755] GetProcAddress (hModule=0x769d0000, lpProcName="LoadStringW") returned 0x76a0b980 [0230.755] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824b8 | out: lpflOldProtect=0x1824b8*=0x4) returned 1 [0230.755] LoadStringW (in: hInstance=0xea0000, uID=0xba, lpBuffer=0xee38e8, cchBufferMax=1024 | out: lpBuffer="Извлечение файлов во временную папку") returned 0x24 [0230.755] PeekMessageW (in: lpMsg=0x1824b4, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x1824b4) returned 0 [0230.755] GetDlgItem (hDlg=0xb0064, nIDDlgItem=104) returned 0x30286 [0230.755] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.756] GetProcAddress (hModule=0x769d0000, lpProcName="ShowWindow") returned 0x76a0f1f0 [0230.756] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182468 | out: lpflOldProtect=0x182468*=0x4) returned 1 [0230.756] ShowWindow (hWnd=0x30286, nCmdShow=5) returned 1 [0230.756] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x0, lParam=0xffffffff) returned 0x0 [0230.757] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0xed45f4) returned 0x0 [0230.758] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x0 [0230.758] SendMessageW (hWnd=0x30286, Msg=0x43a, wParam=0x0, lParam=0x1824e8) returned 0xf800003f [0230.758] SendMessageW (hWnd=0x30286, Msg=0x444, wParam=0x1, lParam=0x1824e8) returned 0x1 [0230.759] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0xee38e8) returned 0x24 [0230.761] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x24 [0230.761] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0xed549c) returned 0x1 [0230.762] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0xffffffff [0230.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0xffffffff [0230.763] GetCurrentProcess () returned 0xffffffff [0230.763] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.763] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ff0000 [0230.764] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0230.764] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182430 | out: lpflOldProtect=0x182430*=0x4) returned 1 [0230.764] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20008, TokenHandle=0x1824a8 | out: TokenHandle=0x1824a8*=0x318) returned 1 [0230.764] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.765] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0230.765] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182428 | out: lpflOldProtect=0x182428*=0x4) returned 1 [0230.765] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x1824ac | out: TokenInformation=0x0, ReturnLength=0x1824ac) returned 0 [0230.765] GetLastError () returned 0x7a [0230.765] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x24) returned 0x43e568 [0230.765] GetTokenInformation (in: TokenHandle=0x318, TokenInformationClass=0x1, TokenInformation=0x43e568, TokenInformationLength=0x24, ReturnLength=0x1824ac | out: TokenInformation=0x43e568, ReturnLength=0x1824ac) returned 1 [0230.766] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.766] GetProcAddress (hModule=0x75ff0000, lpProcName="CopySid") returned 0x7600e140 [0230.766] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18242c | out: lpflOldProtect=0x18242c*=0x4) returned 1 [0230.767] CopySid (in: nDestinationSidLength=0x44, pDestinationSid=0x1824bc, pSourceSid=0x43e570*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xcc)) | out: pDestinationSid=0x1824bc*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0xcc))) returned 1 [0230.767] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43e568 | out: hHeap=0x400000) returned 1 [0230.767] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.768] GetProcAddress (hModule=0x75ff0000, lpProcName="SetEntriesInAclW") returned 0x7600f780 [0230.768] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18243c | out: lpflOldProtect=0x18243c*=0x4) returned 1 [0230.769] SetEntriesInAclW () returned 0x0 [0230.769] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.770] GetProcAddress (hModule=0x75ff0000, lpProcName="InitializeSecurityDescriptor") returned 0x7600e7e0 [0230.799] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x182444 | out: lpflOldProtect=0x182444*=0x4) returned 1 [0230.800] InitializeSecurityDescriptor (in: pSecurityDescriptor=0x182500, dwRevision=0x1 | out: pSecurityDescriptor=0x182500) returned 1 [0230.800] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.800] GetProcAddress (hModule=0x75ff0000, lpProcName="SetSecurityDescriptorDacl") returned 0x7600e640 [0230.800] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x18243c | out: lpflOldProtect=0x18243c*=0x4) returned 1 [0230.801] SetSecurityDescriptorDacl (in: pSecurityDescriptor=0x182500, bDaclPresent=1, pDacl=0x4239e0, bDaclDefaulted=0 | out: pSecurityDescriptor=0x182500) returned 1 [0230.801] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpSecurityAttributes=0x182534) returned 1 [0230.802] LocalFree (hMem=0x4239e0) returned 0x0 [0230.802] CreateDirectoryW (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0230.802] GetFileAttributesW (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0230.802] GetLastError () returned 0xb7 [0230.802] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpSecurityAttributes=0x0) returned 0 [0230.802] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm")) returned 0x10 [0230.803] GetLastError () returned 0xb7 [0230.803] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpSecurityAttributes=0x0) returned 0 [0230.803] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata")) returned 0x12 [0230.803] GetLastError () returned 0xb7 [0230.803] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0230.803] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local")) returned 0x10 [0230.803] GetLastError () returned 0xb7 [0230.803] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0230.803] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp")) returned 0x10 [0230.803] GetLastError () returned 0xb7 [0230.803] CreateDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpSecurityAttributes=0x0) returned 0 [0230.803] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0x10 [0230.804] GetLastError () returned 0xb7 [0230.804] GetLastError () returned 0xb7 [0230.804] SetCurrentDirectoryW (lpPathName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 1 [0230.804] GetTickCount () returned 0x19caf27 [0230.804] GetLastError () returned 0xb7 [0230.804] SetLastError (dwErrCode=0xb7) [0230.804] CreateFileW (lpFileName="__tmp_rar_sfx_access_check_27045671" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\__tmp_rar_sfx_access_check_27045671"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x84 [0230.804] CloseHandle (hObject=0x84) returned 1 [0230.805] DeleteFileW (lpFileName="__tmp_rar_sfx_access_check_27045671" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\__tmp_rar_sfx_access_check_27045671")) returned 1 [0230.805] GetDlgItem (hDlg=0xb0064, nIDDlgItem=103) returned 0x30250 [0230.805] ShowWindow (hWnd=0x30250, nCmdShow=0) returned 1 [0230.806] GetDlgItem (hDlg=0xb0064, nIDDlgItem=102) returned 0x40254 [0230.806] ShowWindow (hWnd=0x40254, nCmdShow=0) returned 1 [0230.806] LoadStringW (in: hInstance=0xea0000, uID=0xe6, lpBuffer=0xee40e8, cchBufferMax=1024 | out: lpBuffer="Приостановить") returned 0xd [0230.806] SetDlgItemTextW (hDlg=0xb0064, nIDDlgItem=1, lpString="Приостановить") returned 1 [0230.807] GetDlgItem (hDlg=0xb0064, nIDDlgItem=105) returned 0x40264 [0230.807] ShowWindow (hWnd=0x40264, nCmdShow=9) returned 0 [0230.807] SetDlgItemTextW (hDlg=0xb0064, nIDDlgItem=101, lpString="") returned 1 [0230.807] GetDlgItem (hDlg=0xb0064, nIDDlgItem=101) returned 0xc01e8 [0230.807] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.808] GetProcAddress (hModule=0x769d0000, lpProcName="GetWindowLongW") returned 0x76a05090 [0230.808] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824e0 | out: lpflOldProtect=0x1824e0*=0x4) returned 1 [0230.808] GetWindowLongW (hWnd=0xc01e8, nIndex=-16) returned 1342341120 [0230.808] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0230.808] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowLongW") returned 0x76a02560 [0230.809] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x1824dc | out: lpflOldProtect=0x1824dc*=0x4) returned 1 [0230.809] SetWindowLongW (hWnd=0xc01e8, nIndex=-16, dwNewLong=1342341248) returned 1342341120 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.812] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.813] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x164c80, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0230.813] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.813] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.814] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0230.815] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x164c80, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.815] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0230.816] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0230.816] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x40) returned 0x41a340 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x6c) returned 0x43ecd0 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x44b650 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443f70 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443358 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443760 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444b88 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442338 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444780 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442b48 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x443b68 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x44bf88 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444f90 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x445398 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4457a0 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x444378 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x441f30 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442740 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x442f50 [0230.816] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44d0f8 [0230.817] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x2010) returned 0x4548c8 [0230.817] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xe6d0) returned 0x4568e0 [0230.817] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x464fb8 [0230.818] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x46cfc8 [0230.819] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x338) returned 0x474fd8 [0230.819] CreateSemaphoreW (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=64, lpName=0x0) returned 0x84 [0230.819] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x320 [0230.819] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), lpFindFileData=0x17f118 | out: lpFindFileData=0x17f118*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x681db228, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x68299fbb, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x4e64971e, ftLastWriteTime.dwHighDateTime=0x1da852a, nFileSizeHigh=0x0, nFileSizeLow=0x16bbaf, dwReserved0=0x77d87f49, dwReserved1=0x7f, cFileName="work.exe", cAlternateFileName="")) returned 0x44a850 [0230.820] FindClose (in: hFindFile=0x44a850 | out: hFindFile=0x44a850) returned 1 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4529a8 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44f948 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x453dd0 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44c8e8 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44ed30 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44f138 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x451580 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x450d70 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x475318 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44f540 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x450560 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44fd50 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x450158 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4535c0 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x450968 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44e928 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x451178 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x475c50 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x451988 [0230.820] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x451d90 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4525a0 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44d500 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x452198 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x452db0 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4539c8 [0230.821] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44d908 [0230.821] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX0\\work.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx0\\work.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x324 [0230.821] ReadFile (in: hFile=0x324, lpBuffer=0x177a30, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a30*, lpNumberOfBytesRead=0x175f14*=0x7, lpOverlapped=0x0) returned 1 [0230.822] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x200000) returned 0x3e1b020 [0230.823] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f48*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f48*=0) returned 0x7 [0230.823] ReadFile (in: hFile=0x324, lpBuffer=0x3e1b020, nNumberOfBytesToRead=0x1ffff0, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x3e1b020*, lpNumberOfBytesRead=0x175f14*=0x16bba8, lpOverlapped=0x0) returned 1 [0230.861] SetFilePointer (in: hFile=0x324, lDistanceToMove=327168, lpDistanceToMoveHigh=0x174f24*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f24*=0) returned 0x4fe00 [0230.862] ReadFile (in: hFile=0x324, lpBuffer=0x177a30, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a30*, lpNumberOfBytesRead=0x175f14*=0x7, lpOverlapped=0x0) returned 1 [0230.872] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x3e1b020 | out: hHeap=0x400000) returned 1 [0230.902] ReadFile (in: hFile=0x324, lpBuffer=0x177a37, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x175f14, lpOverlapped=0x0 | out: lpBuffer=0x177a37*, lpNumberOfBytesRead=0x175f14*=0x1, lpOverlapped=0x0) returned 1 [0230.902] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x4fe08 [0230.902] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421a60 [0230.902] ReadFile (in: hFile=0x324, lpBuffer=0x421a60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x421a60*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0230.902] ReadFile (in: hFile=0x324, lpBuffer=0x421a67, nNumberOfBytesToRead=0xa, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x421a67*, lpNumberOfBytesRead=0x173e00*=0xa, lpOverlapped=0x0) returned 1 [0230.903] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421a60 | out: hHeap=0x400000) returned 1 [0230.903] SetFilePointer (in: hFile=0x324, lDistanceToMove=327193, lpDistanceToMoveHigh=0x174f18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f18*=0) returned 0x4fe19 [0230.903] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f48*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f48*=0) returned 0x4fe19 [0230.903] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x4fe19 [0230.903] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421a60 [0230.903] ReadFile (in: hFile=0x324, lpBuffer=0x421a60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x421a60*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0230.903] ReadFile (in: hFile=0x324, lpBuffer=0x421a67, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x421a67*, lpNumberOfBytesRead=0x173e00*=0x11, lpOverlapped=0x0) returned 1 [0230.904] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421a60 | out: hHeap=0x400000) returned 1 [0230.904] SetFilePointer (in: hFile=0x324, lDistanceToMove=327370, lpDistanceToMoveHigh=0x174f18*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f18*=0) returned 0x4feca [0230.904] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f3c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f3c*=0) returned 0x4feca [0230.904] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421d58 [0230.904] ReadFile (in: hFile=0x324, lpBuffer=0x421d58, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x421d58*, lpNumberOfBytesRead=0x173e00*=0x7, lpOverlapped=0x0) returned 1 [0230.904] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x421d58, Size=0x60) returned 0x43ed48 [0230.904] ReadFile (in: hFile=0x324, lpBuffer=0x43ed4f, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x173e00, lpOverlapped=0x0 | out: lpBuffer=0x43ed4f*, lpNumberOfBytesRead=0x173e00*=0x59, lpOverlapped=0x0) returned 1 [0230.905] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ed48 | out: hHeap=0x400000) returned 1 [0230.905] SetFilePointer (in: hFile=0x324, lDistanceToMove=327193, lpDistanceToMoveHigh=0x174f24*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f24*=0) returned 0x4fe19 [0230.905] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f54*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f54*=0) returned 0x4fe19 [0230.905] SetFilePointer (in: hFile=0x324, lDistanceToMove=327193, lpDistanceToMoveHigh=0x174f1c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f1c*=0) returned 0x4fe19 [0230.905] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f20*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f20*=0) returned 0x4fe19 [0230.905] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421ab0 [0230.905] ReadFile (in: hFile=0x324, lpBuffer=0x421ab0, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173de4, lpOverlapped=0x0 | out: lpBuffer=0x421ab0*, lpNumberOfBytesRead=0x173de4*=0x7, lpOverlapped=0x0) returned 1 [0230.905] ReadFile (in: hFile=0x324, lpBuffer=0x421ab7, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173de4, lpOverlapped=0x0 | out: lpBuffer=0x421ab7*, lpNumberOfBytesRead=0x173de4*=0x11, lpOverlapped=0x0) returned 1 [0230.906] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421ab0 | out: hHeap=0x400000) returned 1 [0230.906] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x476588 [0230.907] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x8004) returned 0x47e598 [0230.924] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x40000) returned 0x4865a8 [0230.930] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x99) returned 0x43ed48 [0230.930] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb54) returned 0x4c65b0 [0230.930] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x100000) returned 0x3e15020 [0230.932] ReadFile (in: hFile=0x324, lpBuffer=0x3e15020, nNumberOfBytesToRead=0x99, lpNumberOfBytesRead=0x167778, lpOverlapped=0x0 | out: lpBuffer=0x3e15020*, lpNumberOfBytesRead=0x167778*=0x99, lpOverlapped=0x0) returned 1 [0230.932] PeekMessageW (in: lpMsg=0x167788, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167788) returned 1 [0230.932] GetMessageW (in: lpMsg=0x167788, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x167788) returned 1 [0230.932] IsDialogMessageW (hDlg=0xb0064, lpMsg=0x167788) returned 0 [0230.932] TranslateMessage (lpMsg=0x167788) returned 0 [0230.932] DispatchMessageW (lpMsg=0x167788) returned 0x0 [0230.932] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.932] PeekMessageW (in: lpMsg=0x167798, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167798) returned 1 [0230.933] GetMessageW (in: lpMsg=0x167798, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x167798) returned 1 [0230.933] IsDialogMessageW (hDlg=0xb0064, lpMsg=0x167798) returned 0 [0230.933] TranslateMessage (lpMsg=0x167798) returned 0 [0230.933] DispatchMessageW (lpMsg=0x167798) returned 0x0 [0230.933] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.933] PeekMessageW (in: lpMsg=0x167784, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x167784) returned 0 [0230.933] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0230.945] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x3e15020 | out: hHeap=0x400000) returned 1 [0230.949] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4865a8 | out: hHeap=0x400000) returned 1 [0230.950] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x47e598 | out: hHeap=0x400000) returned 1 [0230.950] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x476588 | out: hHeap=0x400000) returned 1 [0230.954] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x43ed48, Size=0xdf) returned 0x44b218 [0230.955] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x134) returned 0x402f78 [0230.955] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44b218 | out: hHeap=0x400000) returned 1 [0230.955] SetFilePointer (in: hFile=0x324, lDistanceToMove=327193, lpDistanceToMoveHigh=0x174f30*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f30*=0) returned 0x4fe19 [0230.955] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x402f78 | out: hHeap=0x400000) returned 1 [0230.955] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f4c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f4c*=0) returned 0x4fe19 [0230.956] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x174f28*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x174f28*=0) returned 0x16bbaf [0230.956] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f4c*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f4c*=0) returned 0x16bbaf [0230.956] SetFilePointer (in: hFile=0x324, lDistanceToMove=327193, lpDistanceToMoveHigh=0x174f28*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x174f28*=0) returned 0x4fe19 [0230.956] GetSystemTime (in: lpSystemTime=0x175f6c | out: lpSystemTime=0x175f6c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0x9, wMinute=0x28, wSecond=0xe, wMilliseconds=0x317)) [0230.956] SystemTimeToFileTime (in: lpSystemTime=0x175f6c, lpFileTime=0x175f7c | out: lpFileTime=0x175f7c) returned 1 [0230.956] LoadStringW (in: hInstance=0xea0000, uID=0x8d, lpBuffer=0xee48e8, cchBufferMax=1024 | out: lpBuffer="Извлечение из %s") returned 0x10 [0230.956] GetLastError () returned 0x0 [0230.956] SetLastError (dwErrCode=0x0) [0230.956] PeekMessageW (in: lpMsg=0x174ae8, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x174ae8) returned 0 [0230.956] GetDlgItem (hDlg=0xb0064, nIDDlgItem=104) returned 0x30286 [0230.956] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x25 [0230.958] SendMessageW (hWnd=0x30286, Msg=0x43a, wParam=0x0, lParam=0x174b1c) returned 0xf800003f [0230.958] SendMessageW (hWnd=0x30286, Msg=0x444, wParam=0x1, lParam=0x174b1c) returned 0x1 [0230.958] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0x174b84) returned 0x16 [0230.964] SendMessageW (hWnd=0x30286, Msg=0xb1, wParam=0x5f5e100, lParam=0x5f5e100) returned 0x3b [0230.965] SendMessageW (hWnd=0x30286, Msg=0xc2, wParam=0x0, lParam=0xed549c) returned 0x1 [0230.965] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x4fe19 [0230.966] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421c18 [0230.966] ReadFile (in: hFile=0x324, lpBuffer=0x421c18, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421c18*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0230.966] ReadFile (in: hFile=0x324, lpBuffer=0x421c1f, nNumberOfBytesToRead=0x11, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421c1f*, lpNumberOfBytesRead=0x173e4c*=0x11, lpOverlapped=0x0) returned 1 [0230.966] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421c18 | out: hHeap=0x400000) returned 1 [0230.966] SetFilePointer (in: hFile=0x324, lDistanceToMove=327370, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x4feca [0230.966] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x4feca [0230.966] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421a60 [0230.966] ReadFile (in: hFile=0x324, lpBuffer=0x421a60, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421a60*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0230.966] RtlReAllocateHeap (Heap=0x400000, Flags=0x0, Ptr=0x421a60, Size=0x60) returned 0x43ed48 [0230.966] ReadFile (in: hFile=0x324, lpBuffer=0x43ed4f, nNumberOfBytesToRead=0x59, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x43ed4f*, lpNumberOfBytesRead=0x173e4c*=0x59, lpOverlapped=0x0) returned 1 [0230.967] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x43ed48 | out: hHeap=0x400000) returned 1 [0230.967] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=1, lpString2="gesf.exe", cchCount2=1) returned 1 [0230.967] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="*", cchCount1=-1, lpString2="gesf.exe", cchCount2=-1) returned 1 [0230.967] SetFilePointer (in: hFile=0x324, lDistanceToMove=327466, lpDistanceToMoveHigh=0x16fe48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe48*=0) returned 0x4ff2a [0230.967] LoadStringW (in: hInstance=0xea0000, uID=0x65, lpBuffer=0xee50e8, cchBufferMax=1024 | out: lpBuffer="Извлечение %s") returned 0xd [0230.967] GetLastError () returned 0x6 [0230.967] SetLastError (dwErrCode=0x6) [0230.967] SetDlgItemTextW (hDlg=0xb0064, nIDDlgItem=101, lpString="Извлечение gesf.exe") returned 1 [0230.967] PeekMessageW (in: lpMsg=0x16fa3c, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x16fa3c) returned 0 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x930) returned 0x4c7110 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44dd10 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4541d8 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4531b8 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44ccf0 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44e118 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x44e520 [0230.968] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4caad0 [0230.969] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4cb6e8 [0230.969] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x400) returned 0x4cbaf0 [0230.969] CryptUnprotectMemory (in: pDataIn=0x170a28, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x170a28) returned 1 [0230.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="riverdD", cchWideChar=-1, lpMultiByteStr=0x170828, cbMultiByte=512, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="riverdD", lpUsedDefaultChar=0x0) returned 8 [0230.970] CryptUnprotectMemory (in: pDataIn=0x16f774, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x16f774) returned 1 [0230.970] CryptUnprotectMemory (in: pDataIn=0x16f774, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x16f774) returned 1 [0230.970] CryptUnprotectMemory (in: pDataIn=0x16f774, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x16f774) returned 1 [0230.970] CryptUnprotectMemory (in: pDataIn=0x16f774, cbDataIn=0x400, dwFlags=0x0 | out: pDataIn=0x16f774) returned 1 [0231.006] CryptProtectMemory (in: pDataIn=0x44c09c, cbDataIn=0x20, dwFlags=0x0 | out: pDataIn=0x44c09c) returned 1 [0231.007] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4cbaf0 | out: hHeap=0x400000) returned 1 [0231.008] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4cb6e8 | out: hHeap=0x400000) returned 1 [0231.008] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4caad0 | out: hHeap=0x400000) returned 1 [0231.008] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44e520 | out: hHeap=0x400000) returned 1 [0231.009] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44e118 | out: hHeap=0x400000) returned 1 [0231.009] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44ccf0 | out: hHeap=0x400000) returned 1 [0231.009] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4531b8 | out: hHeap=0x400000) returned 1 [0231.009] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4541d8 | out: hHeap=0x400000) returned 1 [0231.009] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44dd10 | out: hHeap=0x400000) returned 1 [0231.010] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4c7110 | out: hHeap=0x400000) returned 1 [0231.010] GetFileAttributesW (lpFileName="gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0xffffffff [0231.010] GetCurrentDirectoryW (in: nBufferLength=0x7ff, lpBuffer=0x16ddf0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 0x2c [0231.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0xffffffff [0231.010] CreateFileW (lpFileName="gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x328 [0231.011] GetFileType (hFile=0x328) returned 0x1 [0231.011] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb54) returned 0x4cfa50 [0231.011] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0xb54) returned 0x4d05b0 [0231.011] SetFilePointer (in: hFile=0x328, lDistanceToMove=1162240, lpDistanceToMoveHigh=0x16fe48*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe48*=0) returned 0x11bc00 [0231.011] SetEndOfFile (hFile=0x328) returned 1 [0231.019] SetFilePointer (in: hFile=0x328, lDistanceToMove=0, lpDistanceToMoveHigh=0x16fe34*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe34*=0) returned 0x0 [0231.019] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x100000) returned 0x3e13020 [0231.021] ReadFile (in: hFile=0x324, lpBuffer=0x3e13020, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x170dd0, lpOverlapped=0x0 | out: lpBuffer=0x3e13020*, lpNumberOfBytesRead=0x170dd0*=0x100000, lpOverlapped=0x0) returned 1 [0231.053] SendDlgItemMessageW (hDlg=0xb0064, nIDDlgItem=106, Msg=0x402, wParam=0x5c, lParam=0x0) returned 0x0 [0231.054] PeekMessageW (in: lpMsg=0x170d88, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d88) returned 0 [0231.055] PeekMessageW (in: lpMsg=0x170de0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170de0) returned 0 [0231.055] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0231.055] WriteFile (in: hFile=0x328, lpBuffer=0x3e13020*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x170e0c, lpOverlapped=0x0 | out: lpBuffer=0x3e13020*, lpNumberOfBytesWritten=0x170e0c*=0x100000, lpOverlapped=0x0) returned 1 [0231.084] PeekMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170df0) returned 1 [0231.084] GetMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x170df0) returned 1 [0231.084] IsDialogMessageW (hDlg=0xb0064, lpMsg=0x170df0) returned 0 [0231.084] TranslateMessage (lpMsg=0x170df0) returned 0 [0231.084] DispatchMessageW (lpMsg=0x170df0) returned 0x0 [0231.085] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0231.085] ReadFile (in: hFile=0x324, lpBuffer=0x3e13020, nNumberOfBytesToRead=0x1bc00, lpNumberOfBytesRead=0x170dcc, lpOverlapped=0x0 | out: lpBuffer=0x3e13020*, lpNumberOfBytesRead=0x170dcc*=0x1bc00, lpOverlapped=0x0) returned 1 [0231.085] SendDlgItemMessageW (hDlg=0xb0064, nIDDlgItem=106, Msg=0x402, wParam=0x64, lParam=0x0) returned 0x5c [0231.085] PeekMessageW (in: lpMsg=0x170d84, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d84) returned 0 [0231.086] PeekMessageW (in: lpMsg=0x170ddc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170ddc) returned 0 [0231.086] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0231.086] WriteFile (in: hFile=0x328, lpBuffer=0x3e13020*, nNumberOfBytesToWrite=0x1bc00, lpNumberOfBytesWritten=0x170e0c, lpOverlapped=0x0 | out: lpBuffer=0x3e13020*, lpNumberOfBytesWritten=0x170e0c*=0x1bc00, lpOverlapped=0x0) returned 1 [0231.093] PeekMessageW (in: lpMsg=0x170df0, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170df0) returned 0 [0231.093] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0231.094] SendDlgItemMessageW (hDlg=0xb0064, nIDDlgItem=106, Msg=0x402, wParam=0x64, lParam=0x0) returned 0x64 [0231.094] PeekMessageW (in: lpMsg=0x170d84, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170d84) returned 0 [0231.094] PeekMessageW (in: lpMsg=0x170ddc, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x170ddc) returned 0 [0231.094] SetThreadExecutionState (esFlags=0x1) returned 0x80000000 [0231.103] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x3e13020 | out: hHeap=0x400000) returned 1 [0231.115] SetFilePointer (in: hFile=0x324, lDistanceToMove=1489706, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x16bb2a [0231.115] SetFileTime (hFile=0x328, lpCreationTime=0x0, lpLastAccessTime=0x0, lpLastWriteTime=0x170e50) returned 1 [0231.115] CloseHandle (hObject=0x328) returned 1 [0231.258] SetFileAttributesW (lpFileName="gesf.exe", dwFileAttributes=0x20) returned 1 [0231.259] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x16bb2a [0231.259] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421c90 [0231.259] ReadFile (in: hFile=0x324, lpBuffer=0x421c90, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421c90*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0231.259] ReadFile (in: hFile=0x324, lpBuffer=0x421c97, nNumberOfBytesToRead=0xc, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421c97*, lpNumberOfBytesRead=0x173e4c*=0xc, lpOverlapped=0x0) returned 1 [0231.260] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421c90 | out: hHeap=0x400000) returned 1 [0231.260] SetFilePointer (in: hFile=0x324, lDistanceToMove=1489831, lpDistanceToMoveHigh=0x16fe3c*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x16fe3c*=0) returned 0x16bba7 [0231.260] SetFilePointer (in: hFile=0x324, lDistanceToMove=0, lpDistanceToMoveHigh=0x175f88*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x175f88*=0) returned 0x16bba7 [0231.260] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x20) returned 0x421b28 [0231.260] ReadFile (in: hFile=0x324, lpBuffer=0x421b28, nNumberOfBytesToRead=0x7, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421b28*, lpNumberOfBytesRead=0x173e4c*=0x7, lpOverlapped=0x0) returned 1 [0231.260] ReadFile (in: hFile=0x324, lpBuffer=0x421b2f, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x173e4c, lpOverlapped=0x0 | out: lpBuffer=0x421b2f*, lpNumberOfBytesRead=0x173e4c*=0x1, lpOverlapped=0x0) returned 1 [0231.261] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x421b28 | out: hHeap=0x400000) returned 1 [0231.261] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x451178 | out: hHeap=0x400000) returned 1 [0231.261] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44e928 | out: hHeap=0x400000) returned 1 [0231.262] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x450968 | out: hHeap=0x400000) returned 1 [0231.262] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4535c0 | out: hHeap=0x400000) returned 1 [0231.263] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x450158 | out: hHeap=0x400000) returned 1 [0231.263] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44fd50 | out: hHeap=0x400000) returned 1 [0231.263] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x450560 | out: hHeap=0x400000) returned 1 [0231.264] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44f540 | out: hHeap=0x400000) returned 1 [0231.264] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x475318 | out: hHeap=0x400000) returned 1 [0231.264] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44d908 | out: hHeap=0x400000) returned 1 [0231.265] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4539c8 | out: hHeap=0x400000) returned 1 [0231.265] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x452db0 | out: hHeap=0x400000) returned 1 [0231.265] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x452198 | out: hHeap=0x400000) returned 1 [0231.266] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44d500 | out: hHeap=0x400000) returned 1 [0231.266] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4525a0 | out: hHeap=0x400000) returned 1 [0231.266] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x451d90 | out: hHeap=0x400000) returned 1 [0231.267] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x451988 | out: hHeap=0x400000) returned 1 [0231.268] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x475c50 | out: hHeap=0x400000) returned 1 [0231.270] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4c65b0 | out: hHeap=0x400000) returned 1 [0231.270] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x450d70 | out: hHeap=0x400000) returned 1 [0231.270] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x451580 | out: hHeap=0x400000) returned 1 [0231.271] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44f138 | out: hHeap=0x400000) returned 1 [0231.271] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44ed30 | out: hHeap=0x400000) returned 1 [0231.272] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44c8e8 | out: hHeap=0x400000) returned 1 [0231.272] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x453dd0 | out: hHeap=0x400000) returned 1 [0231.272] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44f948 | out: hHeap=0x400000) returned 1 [0231.273] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4529a8 | out: hHeap=0x400000) returned 1 [0231.273] CloseHandle (hObject=0x324) returned 1 [0231.273] ReleaseSemaphore (in: hSemaphore=0x84, lReleaseCount=64, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0231.273] CloseHandle (hObject=0x84) returned 1 [0231.273] CloseHandle (hObject=0x320) returned 1 [0231.274] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x474fd8 | out: hHeap=0x400000) returned 1 [0231.274] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x46cfc8 | out: hHeap=0x400000) returned 1 [0231.277] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x464fb8 | out: hHeap=0x400000) returned 1 [0231.282] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4568e0 | out: hHeap=0x400000) returned 1 [0231.286] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4548c8 | out: hHeap=0x400000) returned 1 [0231.288] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443b68 | out: hHeap=0x400000) returned 1 [0231.288] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442b48 | out: hHeap=0x400000) returned 1 [0231.289] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444780 | out: hHeap=0x400000) returned 1 [0231.289] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442338 | out: hHeap=0x400000) returned 1 [0231.289] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444b88 | out: hHeap=0x400000) returned 1 [0231.289] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443760 | out: hHeap=0x400000) returned 1 [0231.290] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443358 | out: hHeap=0x400000) returned 1 [0231.290] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x443f70 | out: hHeap=0x400000) returned 1 [0231.292] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44b650 | out: hHeap=0x400000) returned 1 [0231.293] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44d0f8 | out: hHeap=0x400000) returned 1 [0231.300] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442f50 | out: hHeap=0x400000) returned 1 [0231.300] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x442740 | out: hHeap=0x400000) returned 1 [0231.301] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x441f30 | out: hHeap=0x400000) returned 1 [0231.301] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444378 | out: hHeap=0x400000) returned 1 [0231.302] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4457a0 | out: hHeap=0x400000) returned 1 [0231.303] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x445398 | out: hHeap=0x400000) returned 1 [0231.303] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x444f90 | out: hHeap=0x400000) returned 1 [0231.304] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x44bf88 | out: hHeap=0x400000) returned 1 [0231.305] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4cfa50 | out: hHeap=0x400000) returned 1 [0231.306] HeapFree (in: hHeap=0x400000, dwFlags=0x0, lpMem=0x4d05b0 | out: hHeap=0x400000) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0231.307] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0231.308] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x164c80, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0231.308] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 3 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="TempMode", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 2 [0231.309] ExpandEnvironmentStringsW (in: lpSrc="1", lpDst=0x164c80, nSize=0x1000 | out: lpDst="1") returned 0x2 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Silent", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 2 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=";Расположенный ниже комментарий содержит команды SFX-сценария", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 1 [0231.309] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="TempMode", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="License", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Presetup", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Shortcut", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SavePath", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="Update", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="", cchCount1=-1, lpString2="SetupCode", cchCount2=-1) returned 1 [0231.310] ExpandEnvironmentStringsW (in: lpSrc="gesf.exe", lpDst=0x164c80, nSize=0x1000 | out: lpDst="gesf.exe") returned 0x9 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Delete", cchCount2=-1) returned 3 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Text", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Title", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Path", cchCount2=-1) returned 3 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Silent", cchCount2=-1) returned 1 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Overwrite", cchCount2=-1) returned 3 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1="Setup", cchCount1=-1, lpString2="Setup", cchCount2=-1) returned 2 [0231.310] CompareStringW (Locale=0x400, dwCmpFlags=0x1001, lpString1=".exe", cchCount1=-1, lpString2=".inf", cchCount2=-1) returned 1 [0231.311] GetFileAttributesW (lpFileName="gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x20 [0231.311] GetFullPathNameW (in: lpFileName="gesf.exe", nBufferLength=0x800, lpBuffer=0x164c24, lpFilePart=0x165c24 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x165c24*="gesf.exe") returned 0x35 [0231.311] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0231.312] GetProcAddress (hModule=0x76090000, lpProcName="ShellExecuteExW") returned 0x7618df80 [0231.312] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bd0 | out: lpflOldProtect=0x165bd0*=0x4) returned 1 [0231.312] ShellExecuteExW (in: pExecInfo=0x165c4c*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x165c4c*(cbSize=0x3c, fMask=0x1c0, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x520)) returned 1 [0232.389] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0232.390] GetProcAddress (hModule=0x769d0000, lpProcName="IsWindowVisible") returned 0x76a02580 [0232.390] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bd0 | out: lpflOldProtect=0x165bd0*=0x4) returned 1 [0232.390] IsWindowVisible (hWnd=0xb0064) returned 0 [0232.390] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x4, lpflOldProtect=0xf03d24 | out: lpflOldProtect=0xf03d24*=0x2) returned 1 [0232.391] GetProcAddress (hModule=0x769d0000, lpProcName="WaitForInputIdle") returned 0x76a5dec0 [0232.391] VirtualProtect (in: lpAddress=0xf05000, dwSize=0x1a4, flNewProtect=0x2, lpflOldProtect=0x165bcc | out: lpflOldProtect=0x165bcc*=0x4) returned 1 [0232.391] WaitForInputIdle (hProcess=0x520, dwMilliseconds=0x7d0) returned 0x102 [0234.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0234.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0234.932] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0234.932] TranslateMessage (lpMsg=0x165c14) returned 0 [0234.932] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0234.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0234.947] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0234.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0234.963] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0234.963] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0234.978] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0234.979] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0234.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0234.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.010] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.010] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.119] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.136] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.136] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.151] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.151] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.178] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.178] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.245] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.245] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.365] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0235.365] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0235.365] TranslateMessage (lpMsg=0x165c14) returned 0 [0235.365] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0235.366] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.369] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.369] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.385] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.385] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.447] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.447] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.464] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.502] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.502] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.528] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.528] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.541] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.541] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.573] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.573] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.613] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.613] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.619] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.619] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0235.647] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0235.647] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.223] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0236.223] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0236.223] TranslateMessage (lpMsg=0x165c14) returned 0 [0236.223] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0236.223] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.245] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.245] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.260] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.260] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.275] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.275] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.296] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.296] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.947] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0236.948] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0236.948] TranslateMessage (lpMsg=0x165c14) returned 0 [0236.948] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0236.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.963] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.963] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0236.993] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0236.993] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.073] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.073] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.108] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.108] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.119] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.147] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.147] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.898] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0237.898] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0237.898] TranslateMessage (lpMsg=0x165c14) returned 0 [0237.898] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0237.898] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.912] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.912] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0237.944] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0237.944] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0238.707] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0238.707] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0238.707] TranslateMessage (lpMsg=0x165c14) returned 0 [0238.707] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0238.707] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0238.724] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0238.724] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0238.737] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0238.737] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0238.770] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0238.770] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0239.487] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0239.487] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0239.488] TranslateMessage (lpMsg=0x165c14) returned 0 [0239.488] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0239.488] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0239.514] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0239.514] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0240.272] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0240.272] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0240.272] TranslateMessage (lpMsg=0x165c14) returned 0 [0240.273] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0242.249] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.274] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0242.274] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0242.275] TranslateMessage (lpMsg=0x165c14) returned 0 [0242.275] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0242.275] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.286] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.286] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.316] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.316] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.332] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.332] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.347] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.347] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.362] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.362] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.378] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.378] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0242.456] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0242.456] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0243.264] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0243.264] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0243.264] TranslateMessage (lpMsg=0x165c14) returned 0 [0243.264] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0244.008] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.031] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0244.031] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0244.031] TranslateMessage (lpMsg=0x165c14) returned 0 [0244.031] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0244.032] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.034] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.035] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.054] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.054] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.083] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.083] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.099] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.099] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.118] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.118] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0244.150] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0244.150] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0245.653] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0245.653] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0245.653] TranslateMessage (lpMsg=0x165c14) returned 0 [0245.653] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0245.654] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0245.672] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0245.672] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.342] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0246.342] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0246.343] TranslateMessage (lpMsg=0x165c14) returned 0 [0246.343] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0246.343] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.356] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0246.356] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.389] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0246.389] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.950] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0246.950] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0246.950] TranslateMessage (lpMsg=0x165c14) returned 0 [0246.950] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0246.950] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.966] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0246.966] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0246.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0246.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0247.763] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0247.763] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0247.763] TranslateMessage (lpMsg=0x165c14) returned 0 [0247.763] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0247.763] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0247.804] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0247.804] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0248.601] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0248.601] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0248.601] TranslateMessage (lpMsg=0x165c14) returned 0 [0248.601] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0248.602] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0248.614] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0248.614] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0248.631] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0248.632] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0248.669] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0248.669] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.284] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0249.284] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0249.284] TranslateMessage (lpMsg=0x165c14) returned 0 [0249.284] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0249.285] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.300] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.300] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.317] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.317] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0249.370] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0249.370] TranslateMessage (lpMsg=0x165c14) returned 0 [0249.370] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0249.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.453] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.454] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.455] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.474] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.474] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.488] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.488] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.503] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.503] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.519] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.519] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0249.558] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0249.559] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.268] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0250.270] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0250.270] TranslateMessage (lpMsg=0x165c14) returned 0 [0250.270] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0250.270] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.283] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0250.283] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.299] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0250.299] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.328] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0250.328] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.971] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0250.971] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0250.971] TranslateMessage (lpMsg=0x165c14) returned 0 [0250.971] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0250.971] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0250.986] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0250.986] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0250.987] TranslateMessage (lpMsg=0x165c14) returned 0 [0250.987] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0250.987] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.002] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0251.002] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.018] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0251.018] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.035] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0251.035] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.062] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0251.062] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.721] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0251.721] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0251.721] TranslateMessage (lpMsg=0x165c14) returned 0 [0251.721] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0251.721] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0251.738] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0251.738] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0252.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0252.455] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0252.456] TranslateMessage (lpMsg=0x165c14) returned 0 [0252.456] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0252.456] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0252.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0252.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0252.496] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0252.496] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.098] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0253.098] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0253.098] TranslateMessage (lpMsg=0x165c14) returned 0 [0253.098] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0253.098] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.115] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.115] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0253.129] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0253.129] TranslateMessage (lpMsg=0x165c14) returned 0 [0253.129] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0253.130] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.192] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.192] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.222] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.222] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.256] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.256] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.270] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.270] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.285] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.285] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.301] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.301] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.317] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.317] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.333] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.333] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.365] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.365] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.390] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.390] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.411] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.411] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.426] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.426] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.442] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.442] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.458] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.458] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.474] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.474] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.489] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.489] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.505] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.505] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.522] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.522] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.540] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.540] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.568] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.568] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.598] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.598] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.614] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.614] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.629] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.629] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.645] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.645] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.661] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0253.661] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0253.661] TranslateMessage (lpMsg=0x165c14) returned 0 [0253.661] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0253.661] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.679] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.679] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.693] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.693] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.726] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.726] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.743] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.743] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.771] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.771] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.788] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.788] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.801] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.801] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.817] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.817] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.832] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.832] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.848] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.848] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.864] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.864] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.881] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.881] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.895] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.895] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.911] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.911] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.931] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.931] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0253.976] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0253.976] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.077] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.078] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.082] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.082] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.099] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.099] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.114] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.114] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.129] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.145] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.145] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.160] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.160] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.179] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.179] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0254.198] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0254.198] TranslateMessage (lpMsg=0x165c14) returned 0 [0254.198] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0254.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.223] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.223] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.238] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.238] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.261] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.261] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.289] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.289] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.309] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.309] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.327] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.327] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.395] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.395] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.410] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.410] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.426] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.426] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.442] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.442] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.464] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.490] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.490] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.508] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.508] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.551] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.551] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.568] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.568] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.598] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.598] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.613] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.614] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.631] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.631] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.645] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.645] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.660] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.660] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.676] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.676] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.693] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.693] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.709] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.709] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.745] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0254.745] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0254.745] TranslateMessage (lpMsg=0x165c14) returned 0 [0254.745] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0254.745] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.754] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.754] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.806] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.806] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.832] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.832] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.849] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.849] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.905] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.905] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.935] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.935] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.946] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.946] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.959] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.959] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0254.976] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0254.976] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.046] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.046] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.050] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.050] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.064] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.064] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.080] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.080] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.098] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.098] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.115] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.115] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.133] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.133] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.153] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.153] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.167] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.167] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.246] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.246] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.263] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.263] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.294] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0255.294] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0255.294] TranslateMessage (lpMsg=0x165c14) returned 0 [0255.294] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0255.294] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.328] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.328] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.346] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.346] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.415] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.417] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.417] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.438] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.438] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.455] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.481] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.481] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.495] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.495] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.513] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.513] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.591] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.611] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.611] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.627] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.627] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.644] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.644] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.660] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.660] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.695] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.695] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.711] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.711] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.748] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.748] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.764] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.764] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.780] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.780] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.809] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.809] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.824] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0255.824] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0255.824] TranslateMessage (lpMsg=0x165c14) returned 0 [0255.824] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0255.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.840] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.840] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.868] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.868] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.885] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.885] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.974] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.974] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0255.991] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0255.991] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.028] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.028] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.045] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.046] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.078] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.078] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.148] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.148] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.152] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.152] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.170] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.170] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.268] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.268] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.324] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.324] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.339] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.339] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.356] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0256.357] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0256.357] TranslateMessage (lpMsg=0x165c14) returned 0 [0256.357] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0256.357] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.403] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.403] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.420] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.420] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.448] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.449] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.465] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.465] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.480] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.480] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.495] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.495] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.539] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.539] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.559] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.559] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.596] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.596] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.612] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.612] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.667] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.667] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.699] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.699] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.824] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.840] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.840] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.890] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0256.890] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0256.890] TranslateMessage (lpMsg=0x165c14) returned 0 [0256.890] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0256.890] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.919] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.919] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.950] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0256.972] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0256.972] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.008] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.008] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.038] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.038] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.079] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.079] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.141] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.141] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.167] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.167] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.192] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.192] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.250] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.250] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.286] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.286] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.314] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.314] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.336] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.336] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.356] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.356] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.433] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0257.433] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0257.433] TranslateMessage (lpMsg=0x165c14) returned 0 [0257.433] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0257.433] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.449] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.449] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.468] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.468] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.484] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.484] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.527] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.527] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.544] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.544] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.560] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.560] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.622] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.622] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.639] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.639] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.663] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.663] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.679] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.679] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.696] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.696] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.714] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.714] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.746] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.746] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.778] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.778] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.823] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.856] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.856] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.872] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.872] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.889] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.889] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.953] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0257.953] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0257.953] TranslateMessage (lpMsg=0x165c14) returned 0 [0257.953] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0257.953] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0257.980] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0257.980] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.006] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.006] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.023] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.023] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.078] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.078] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.086] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.086] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.101] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.101] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.118] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.118] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.131] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.131] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.148] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.148] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.163] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.163] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.178] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.178] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.195] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.195] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.211] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.211] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.227] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.227] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.297] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.297] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.321] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.321] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.338] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.338] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.351] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.351] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.397] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.397] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.461] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.461] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.476] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0258.476] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0258.476] TranslateMessage (lpMsg=0x165c14) returned 0 [0258.476] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0258.476] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.491] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.491] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.507] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.507] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.522] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.522] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.538] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.538] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.553] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.553] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.572] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.572] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.589] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.589] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.618] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.618] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.666] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.666] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.693] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.693] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.696] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.696] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.727] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.727] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.749] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.749] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.775] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.775] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.789] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.789] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.823] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.823] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.853] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.853] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.897] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.897] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.914] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.914] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.969] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.969] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0258.998] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0258.998] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.015] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0259.015] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0259.015] TranslateMessage (lpMsg=0x165c14) returned 0 [0259.015] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0259.015] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.039] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.039] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.061] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.061] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.227] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.227] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.241] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.241] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.257] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.257] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.272] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.272] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.313] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.313] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.330] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.330] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.366] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.366] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.381] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.381] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.397] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.397] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.414] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.414] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.435] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.435] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.454] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.454] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.618] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0259.618] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0259.619] TranslateMessage (lpMsg=0x165c14) returned 0 [0259.619] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0259.619] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.632] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.632] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.647] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.647] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.664] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.664] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.690] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.690] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.741] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.741] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.757] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.757] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.772] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.772] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.788] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.788] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.803] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.803] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.819] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.819] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.838] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.838] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.850] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.850] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.883] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.883] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.913] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.913] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.929] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.929] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0259.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0259.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.006] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.006] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.022] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.022] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.038] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.038] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.056] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.056] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.095] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0260.096] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0260.096] TranslateMessage (lpMsg=0x165c14) returned 0 [0260.096] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0260.096] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.116] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.116] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.131] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.131] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.147] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.147] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.163] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.163] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.191] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.192] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.211] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.211] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.225] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.226] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.241] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.241] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.256] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.256] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.272] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.272] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.288] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.288] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.305] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.305] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.336] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.336] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.371] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.397] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.397] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.413] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.413] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.436] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.436] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.454] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.455] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.478] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.478] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.503] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.503] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.533] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.533] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.552] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.552] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.571] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.571] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.587] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.587] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.669] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0260.669] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0260.669] TranslateMessage (lpMsg=0x165c14) returned 0 [0260.669] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0260.669] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.687] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.687] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.710] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.710] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.725] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.725] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.741] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.741] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.758] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.758] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.772] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.772] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.788] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.788] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.803] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.803] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.819] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.819] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.835] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.835] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.850] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.850] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.881] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.881] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.898] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.898] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.913] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.913] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.944] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.944] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.961] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.961] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.975] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.975] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0260.991] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0260.991] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.006] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.006] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.022] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.022] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.038] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.038] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.058] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.058] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.077] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.077] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.100] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.100] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.116] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.116] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.134] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.134] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.163] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.163] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.180] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0261.180] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0261.180] TranslateMessage (lpMsg=0x165c14) returned 0 [0261.181] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0261.181] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.199] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.199] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.225] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.225] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.241] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.241] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.256] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.256] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.272] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.272] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.289] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.289] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.314] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.314] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.332] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.332] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.366] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.366] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.407] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.407] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.428] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.428] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.444] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.444] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.554] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.554] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.589] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.589] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.655] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.655] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.738] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0261.738] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0261.738] TranslateMessage (lpMsg=0x165c14) returned 0 [0261.738] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0261.738] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.741] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.741] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.785] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.785] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.821] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.821] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.857] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.857] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.897] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.897] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.913] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.913] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.929] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.929] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.944] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.944] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.960] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.960] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0261.986] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0261.986] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.016] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.016] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.100] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.100] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.133] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.133] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.159] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.159] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.185] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.186] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.213] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.213] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.239] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.239] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.266] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0262.267] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0262.267] TranslateMessage (lpMsg=0x165c14) returned 0 [0262.267] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0262.267] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.295] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.295] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.333] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.333] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.358] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.358] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.396] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.396] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.421] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.421] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.444] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.444] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.466] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.466] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.476] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.476] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.491] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.491] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.510] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.510] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.538] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.538] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.553] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.553] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.569] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.569] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.585] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.585] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.600] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.600] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.617] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.617] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.748] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.748] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.756] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.756] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.773] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.773] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.788] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0262.788] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0262.788] TranslateMessage (lpMsg=0x165c14) returned 0 [0262.788] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0262.788] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.805] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.805] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.819] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.819] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.882] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.882] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.900] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.900] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.967] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.967] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.975] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.975] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0262.991] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0262.991] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.006] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.007] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.022] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.022] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.038] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.038] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.056] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.056] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.080] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.080] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.096] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.096] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.112] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.112] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.142] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.142] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.158] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.158] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.175] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.175] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.206] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.206] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.237] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.237] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.266] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.266] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.284] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.284] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.299] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.299] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.315] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.315] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.337] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0263.337] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0263.337] TranslateMessage (lpMsg=0x165c14) returned 0 [0263.337] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0263.338] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.362] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.362] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.377] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.377] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.395] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.395] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.408] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.408] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.424] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.424] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.440] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.440] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.456] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.456] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.471] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.472] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.487] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.487] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.502] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.503] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.519] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.519] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.533] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.533] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.549] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.549] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.565] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.565] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.580] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.580] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.598] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.598] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.612] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.612] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.627] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.627] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.650] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.650] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.658] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.658] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.674] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.674] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.690] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.690] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.706] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.707] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.735] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.735] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.752] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.752] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.768] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.768] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.797] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.797] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.816] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.816] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.909] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0263.910] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0263.910] TranslateMessage (lpMsg=0x165c14) returned 0 [0263.910] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0263.910] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.974] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.974] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0263.986] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0263.986] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.006] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.006] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.020] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.020] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.037] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.037] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.097] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.097] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.113] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.113] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.129] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.144] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.144] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.159] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.159] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.176] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.176] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.199] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.199] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.214] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.214] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.245] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.245] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.261] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.261] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.276] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.276] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.296] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.296] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.307] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.324] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.324] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.367] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.367] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.396] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0264.396] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0264.396] TranslateMessage (lpMsg=0x165c14) returned 0 [0264.396] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0264.396] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.417] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.417] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.449] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.449] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.464] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.495] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.495] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.573] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.573] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.589] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.589] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.636] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.636] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.651] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.668] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.668] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.683] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.683] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.698] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.698] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.714] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.714] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.729] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.745] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.745] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.761] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.761] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.777] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.777] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.792] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.792] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.807] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.823] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.823] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.887] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.887] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.901] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.901] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.917] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.917] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0264.933] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0264.933] TranslateMessage (lpMsg=0x165c14) returned 0 [0264.933] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0264.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0264.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0264.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.048] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.048] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.073] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.073] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.089] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.089] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.136] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.136] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.151] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.151] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.167] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.167] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.185] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.185] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.214] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.214] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.231] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.245] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.245] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.263] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.263] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.276] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.276] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.292] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.292] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.323] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.323] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.345] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.345] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.417] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.417] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.446] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.446] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.448] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.448] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.464] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0265.464] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0265.464] TranslateMessage (lpMsg=0x165c14) returned 0 [0265.464] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0265.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.495] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.495] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.543] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.543] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.585] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.585] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.606] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.606] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.636] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.636] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.651] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.667] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.667] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.683] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.683] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.767] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.767] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.795] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.795] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.825] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.825] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.872] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.872] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.886] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.886] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.903] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.903] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.917] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.917] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.981] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0265.981] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0265.995] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0265.995] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0265.995] TranslateMessage (lpMsg=0x165c14) returned 0 [0265.996] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0265.996] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.113] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.113] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.120] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.120] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.157] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.157] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.233] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.233] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.292] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.292] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.323] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.323] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.418] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.418] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.433] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.433] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.461] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.461] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.488] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.488] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.528] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0266.529] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0266.529] TranslateMessage (lpMsg=0x165c14) returned 0 [0266.529] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0266.529] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.558] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.574] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.574] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.589] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.589] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.636] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.636] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.651] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.667] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.667] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.682] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.682] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.698] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.698] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.714] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.714] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.729] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.745] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.745] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.761] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.761] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.778] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.778] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.792] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.792] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.823] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.823] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.886] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.886] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.917] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.917] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.932] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.980] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.980] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0266.995] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0266.995] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.044] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.044] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.058] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0267.058] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0267.058] TranslateMessage (lpMsg=0x165c14) returned 0 [0267.058] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0267.058] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.090] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.090] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.120] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.120] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.136] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.136] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.271] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.271] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.292] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.292] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.307] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.323] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.323] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.346] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.346] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.371] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.371] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.542] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.542] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.567] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.567] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.573] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.573] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0267.590] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0267.590] TranslateMessage (lpMsg=0x165c14) returned 0 [0267.590] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0267.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.636] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.636] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.672] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.672] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.692] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.692] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.698] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.698] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.714] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.714] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.729] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.745] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.745] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.761] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.823] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.823] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.839] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.886] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.886] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.917] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.917] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.932] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0267.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0267.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.042] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.042] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.058] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.058] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.073] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.091] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.091] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.120] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0268.120] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0268.120] TranslateMessage (lpMsg=0x165c14) returned 0 [0268.120] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0268.120] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.138] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.138] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.208] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.208] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.213] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.213] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.244] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.244] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.261] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.261] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.276] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.276] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.294] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.294] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.309] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.309] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.323] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.323] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.348] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.348] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.354] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.354] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.385] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.385] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.418] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.418] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.448] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.448] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.463] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.463] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.494] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.524] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.525] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.542] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.542] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.573] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.573] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.588] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.588] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.655] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0268.752] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0268.753] TranslateMessage (lpMsg=0x165c14) returned 0 [0268.753] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0268.753] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.760] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.776] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.776] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.803] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.803] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.827] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.827] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.875] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.875] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.901] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.901] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.916] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.916] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.932] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.950] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.950] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.963] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.963] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.979] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.979] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0268.995] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0268.995] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.026] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.026] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.108] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.109] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.120] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.168] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.168] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0269.183] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0269.183] TranslateMessage (lpMsg=0x165c14) returned 0 [0269.184] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0269.184] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.288] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.288] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.291] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.291] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.329] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.329] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.347] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.347] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.369] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.369] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.385] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.385] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.402] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.402] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.448] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.448] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.463] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.494] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.511] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.511] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.525] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.541] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.541] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.574] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.574] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.591] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.591] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.620] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.635] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.635] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.650] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.666] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.666] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.683] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.683] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.700] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.700] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.713] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0269.713] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0269.713] TranslateMessage (lpMsg=0x165c14) returned 0 [0269.713] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0269.714] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.744] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.744] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.760] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.775] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.775] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.841] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.841] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.866] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.866] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.869] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.869] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.892] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.892] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.901] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.901] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.916] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.916] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.932] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.947] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.947] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.979] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.979] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0269.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0269.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.010] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.010] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.026] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.026] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.044] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.044] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.073] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.073] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.104] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.104] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.119] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.135] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.135] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.163] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.163] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.182] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.182] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.213] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.213] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.231] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.231] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.312] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0270.312] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0270.312] TranslateMessage (lpMsg=0x165c14) returned 0 [0270.312] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0270.313] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.323] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.323] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.349] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.349] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.357] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.357] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.369] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.369] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.385] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.385] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.452] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.452] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.463] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.463] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.494] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.510] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.510] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.541] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.541] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.558] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.558] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.573] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.573] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.588] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.588] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.619] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.620] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.635] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.635] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.651] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.667] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.667] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.713] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.713] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.729] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.749] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.749] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.816] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.816] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.834] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.834] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0270.854] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0270.854] TranslateMessage (lpMsg=0x165c14) returned 0 [0270.854] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0270.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.869] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.892] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.892] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.917] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.917] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.932] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.932] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.948] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.948] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0270.963] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0270.963] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.084] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.084] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.129] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.151] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.151] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.167] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.167] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.182] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.182] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.198] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.198] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.213] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.213] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.244] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.244] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.260] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.260] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.276] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.276] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.291] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.291] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.307] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.307] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.322] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.322] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.345] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.345] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.405] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0271.406] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0271.406] TranslateMessage (lpMsg=0x165c14) returned 0 [0271.406] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0271.406] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.447] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.447] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.467] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.467] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.479] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.479] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.494] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.510] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.510] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.542] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.542] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.572] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.572] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.588] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.588] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.619] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.619] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.635] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.635] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.663] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.663] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.682] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.682] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.697] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.697] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.713] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.713] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.729] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.744] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.744] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.760] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.776] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.776] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.792] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.792] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.816] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.816] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.838] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.838] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.857] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.857] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.884] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.884] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.905] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.905] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.934] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0271.934] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0271.935] TranslateMessage (lpMsg=0x165c14) returned 0 [0271.935] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0271.935] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.952] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.952] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.979] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.979] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0271.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0271.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.010] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.010] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.038] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.038] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.089] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.089] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.104] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.104] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.120] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.151] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.152] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.191] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.191] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.260] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.260] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.285] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.285] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.317] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.317] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.382] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.382] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.409] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.409] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.959] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0272.960] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0272.960] TranslateMessage (lpMsg=0x165c14) returned 0 [0272.960] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0272.960] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0272.982] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0272.982] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.000] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.000] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.018] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.018] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.036] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.036] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.051] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.051] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.185] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.185] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.192] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.192] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.207] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.207] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.223] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.223] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.238] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.238] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.254] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.254] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.291] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.291] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.317] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.317] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.332] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.332] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.354] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.354] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.379] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.379] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.493] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0273.494] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0273.494] TranslateMessage (lpMsg=0x165c14) returned 0 [0273.494] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0273.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.504] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.504] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.520] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.520] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.602] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.602] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.617] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.617] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.632] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.632] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.657] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.657] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.705] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.706] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.720] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.720] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.736] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.736] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.751] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.751] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.767] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.767] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.784] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.784] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.822] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.822] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.838] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.838] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.855] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.855] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.869] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.869] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.885] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.885] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.900] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.900] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.919] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.919] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.943] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.943] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0273.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0273.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0274.011] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0274.011] TranslateMessage (lpMsg=0x165c14) returned 0 [0274.011] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0274.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.025] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.025] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.089] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.089] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.106] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.106] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.136] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.136] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.150] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.150] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.166] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.166] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.261] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.261] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.302] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.302] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.329] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.329] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.358] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.358] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.385] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.385] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.400] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.400] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.441] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.441] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.464] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.464] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.478] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.478] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.494] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.494] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.510] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.510] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.526] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.526] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0274.558] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0274.558] TranslateMessage (lpMsg=0x165c14) returned 0 [0274.558] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0274.558] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.669] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.669] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.681] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.681] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.698] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.698] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.728] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.728] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.744] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.744] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.768] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.768] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.822] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.822] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.838] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.838] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.870] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.916] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.916] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.931] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.931] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.947] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.947] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.974] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.974] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0274.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0274.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.010] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.010] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.025] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.025] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.075] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.075] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.104] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0275.104] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0275.104] TranslateMessage (lpMsg=0x165c14) returned 0 [0275.104] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0275.104] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.119] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.135] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.135] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.151] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.151] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.166] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.166] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.182] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.182] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.197] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.197] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.259] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.259] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.277] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.277] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.374] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.374] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.432] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.432] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.449] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.449] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.476] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.476] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.480] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.498] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.525] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.525] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.541] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.541] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.557] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.557] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.572] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.572] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.588] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.588] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.619] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.619] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.635] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0275.635] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0275.635] TranslateMessage (lpMsg=0x165c14) returned 0 [0275.635] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0275.635] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.651] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.651] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.667] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.667] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.697] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.697] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.728] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.729] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.744] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.744] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.760] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.828] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.828] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.838] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.839] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.854] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.854] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.869] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.869] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.885] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.885] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.901] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.901] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.947] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.947] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.963] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.963] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.978] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.979] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0275.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0275.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.010] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.010] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.025] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.025] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.057] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.057] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.072] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.072] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.104] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.104] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.135] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.135] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.150] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.150] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.166] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0276.166] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0276.166] TranslateMessage (lpMsg=0x165c14) returned 0 [0276.166] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0276.167] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.185] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.185] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.206] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.206] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.250] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.250] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.264] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.264] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.279] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.279] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.295] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.295] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.405] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.405] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.418] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.418] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.434] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.434] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.460] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.460] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.466] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.466] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.505] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.505] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.513] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.513] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.528] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.528] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.545] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.545] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.559] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.559] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.576] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.576] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.622] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.622] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.637] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.637] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.654] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.654] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.668] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.668] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.701] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0276.701] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0276.701] TranslateMessage (lpMsg=0x165c14) returned 0 [0276.701] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0276.701] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.717] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.717] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.748] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.748] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.763] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.763] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.780] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.780] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.813] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.813] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.825] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.825] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.843] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.843] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.858] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.858] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.873] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.873] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.890] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.890] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.905] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.905] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.928] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.928] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.934] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.934] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.951] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.951] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0276.982] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0276.982] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.009] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.009] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.031] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.031] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.043] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.043] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.061] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.061] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.093] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.093] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.108] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.108] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.123] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.123] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.141] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.141] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.156] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.156] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.186] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.186] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.199] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.199] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.217] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.217] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.233] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0277.233] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0277.233] TranslateMessage (lpMsg=0x165c14) returned 0 [0277.233] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0277.233] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.248] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.248] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.263] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.263] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.277] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.277] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.295] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.295] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.416] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.416] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.420] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.420] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.434] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.434] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.450] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.450] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.468] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.468] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.480] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.480] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.498] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.498] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.515] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.515] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.528] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.528] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.545] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.545] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.558] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.558] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.577] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.577] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.608] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.608] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.638] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.638] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.670] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.670] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.685] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.685] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.699] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.699] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.719] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.719] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.731] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.731] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.746] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.746] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0277.762] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0277.762] TranslateMessage (lpMsg=0x165c14) returned 0 [0277.762] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0277.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.778] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.778] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.808] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.808] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.855] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.855] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.871] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.871] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.887] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.887] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.934] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.966] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.966] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.986] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.986] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0277.999] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0277.999] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.044] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.044] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.059] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.059] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.090] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.090] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.142] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.142] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.159] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.159] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.199] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.199] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.215] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.215] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.231] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.231] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.246] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.247] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.264] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.264] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.277] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.277] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.293] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0278.293] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0278.293] TranslateMessage (lpMsg=0x165c14) returned 0 [0278.293] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0278.294] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.428] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.428] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.434] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.434] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.452] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.452] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.481] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.481] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.496] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.496] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.512] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.512] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.528] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.528] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.559] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.559] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.574] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.574] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.622] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.622] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.668] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.668] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.699] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.699] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.746] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.746] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.777] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.777] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.809] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.809] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.826] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0278.826] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0278.826] TranslateMessage (lpMsg=0x165c14) returned 0 [0278.826] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0278.826] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.840] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.840] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.856] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.856] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.871] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.871] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.887] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.887] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.950] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.950] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.965] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.965] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0278.983] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0278.983] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.028] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.028] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.043] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.043] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.058] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.058] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.090] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.090] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.137] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.137] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.152] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.152] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.168] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.168] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.199] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.199] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.215] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.215] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.230] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.230] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.246] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.246] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.262] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.262] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.277] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.277] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.293] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.293] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.308] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.308] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.324] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.324] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.496] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0279.497] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0279.497] TranslateMessage (lpMsg=0x165c14) returned 0 [0279.497] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0279.497] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.512] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.512] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.527] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.527] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.543] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.543] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.558] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.558] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.574] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.574] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.621] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.621] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.636] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.637] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.668] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.668] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.684] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.747] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.747] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.777] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.777] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.806] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.806] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.824] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.841] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.841] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.870] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.871] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.887] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.887] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.934] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0279.949] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0279.949] TranslateMessage (lpMsg=0x165c14) returned 0 [0279.949] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0279.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.965] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.965] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0279.989] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0279.989] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.045] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.045] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.091] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.091] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.105] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.105] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.124] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.124] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.152] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.152] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.168] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.168] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.184] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.184] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.200] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.200] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.215] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.215] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.262] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.262] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.277] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.277] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.293] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.293] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.324] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.324] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.340] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.340] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.364] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.364] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.387] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.402] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.402] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.472] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.472] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.482] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0280.482] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0280.482] TranslateMessage (lpMsg=0x165c14) returned 0 [0280.482] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0280.483] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.496] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.496] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.513] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.513] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.575] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.575] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.590] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.590] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.621] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.621] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.637] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.637] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.679] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.679] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.710] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.710] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.730] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.730] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.746] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.746] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.777] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.777] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.809] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.809] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.824] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.840] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.840] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.855] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.855] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.871] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.871] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.888] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.888] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.934] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.965] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.965] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.980] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.980] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0280.998] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0280.998] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0281.012] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0281.012] TranslateMessage (lpMsg=0x165c14) returned 0 [0281.012] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0281.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.043] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.043] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.059] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.059] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.090] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.090] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.107] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.107] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.137] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.137] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.153] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.153] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.200] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.200] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.217] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.219] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.236] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.236] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.267] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.267] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.282] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.282] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.298] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.298] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.314] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.314] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.331] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.331] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.345] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.345] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.370] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.370] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.392] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.392] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.407] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.407] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.423] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.423] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.440] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.440] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.592] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0281.592] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0281.592] TranslateMessage (lpMsg=0x165c14) returned 0 [0281.592] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0281.592] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.595] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.595] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.610] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.610] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.626] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.626] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.642] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.642] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.657] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.657] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.673] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.673] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.692] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.692] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.705] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.705] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.725] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.725] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.735] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.735] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.760] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.760] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.785] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.786] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.804] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.804] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.829] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.829] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.846] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.846] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.861] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.861] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.908] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.908] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.923] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.923] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.939] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.939] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.954] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.954] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.970] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.970] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0281.998] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0281.998] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.017] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.017] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.033] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.033] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.048] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.048] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.064] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.064] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.092] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.092] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.113] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0282.113] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0282.113] TranslateMessage (lpMsg=0x165c14) returned 0 [0282.113] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0282.114] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.142] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.142] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.157] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.157] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.173] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.173] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.189] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.189] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.204] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.204] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.235] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.235] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.267] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.267] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.282] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.282] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.298] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.298] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.329] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.329] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.356] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.356] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.371] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.371] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.404] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.405] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.425] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.425] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.459] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.459] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.497] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.497] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.517] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.517] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.533] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.533] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.549] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.549] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.564] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.564] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.579] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.579] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.595] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.595] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.611] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.611] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.629] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.629] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.642] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.642] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.724] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0282.724] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0282.724] TranslateMessage (lpMsg=0x165c14) returned 0 [0282.724] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0282.724] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.752] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.752] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.767] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.767] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.782] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.782] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.798] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.798] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.814] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.814] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.829] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.829] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.845] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.845] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.863] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.863] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.876] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.876] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.892] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.892] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.911] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.911] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.954] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.954] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.971] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.971] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0282.985] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0282.985] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.001] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.001] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.026] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.026] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.049] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.049] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.064] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.064] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.079] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.079] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.095] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.095] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.111] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.111] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.126] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.126] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.142] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.142] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.157] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.158] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.174] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.174] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.197] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.197] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.249] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.249] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.267] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0283.267] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0283.267] TranslateMessage (lpMsg=0x165c14) returned 0 [0283.267] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0283.267] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.285] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.285] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.314] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.314] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.336] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.336] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.408] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.408] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.423] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.423] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.440] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.440] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.456] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.473] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.473] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.489] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.489] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.504] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.504] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.519] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.519] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.577] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.577] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.599] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.599] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.615] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.615] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.637] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.637] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.664] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.664] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.681] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.681] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.700] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.700] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.750] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.750] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.778] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0283.778] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0283.778] TranslateMessage (lpMsg=0x165c14) returned 0 [0283.778] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0283.779] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.825] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.825] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.900] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.900] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.902] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.902] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.934] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.935] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.965] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.965] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0283.989] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0283.989] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.012] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.012] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.027] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.027] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.044] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.044] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.059] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.059] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.138] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.138] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.155] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.155] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.168] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.168] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.224] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.224] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.246] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.246] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.263] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.263] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.282] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.282] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.299] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.300] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.324] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0284.325] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0284.325] TranslateMessage (lpMsg=0x165c14) returned 0 [0284.325] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0284.325] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.340] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.340] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.355] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.355] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.387] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.387] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.402] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.402] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.424] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.424] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.448] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.448] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.465] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.465] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.482] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.482] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.496] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.496] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.523] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.523] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.543] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.543] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.559] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.559] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.574] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.574] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.591] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.591] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.605] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.605] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.621] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.621] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.637] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.637] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.652] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.652] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.668] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.668] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.683] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.684] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.701] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.701] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.715] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.715] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.745] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.745] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.762] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.762] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.777] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.777] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.803] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.803] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.824] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.824] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.840] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.840] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.857] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0284.857] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0284.857] TranslateMessage (lpMsg=0x165c14) returned 0 [0284.857] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0284.857] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.898] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.898] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.933] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.933] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.965] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.965] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0284.984] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0284.984] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.063] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.063] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.074] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.074] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.090] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.090] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.109] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.109] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.121] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.121] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.172] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.172] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.193] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.193] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.208] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.208] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.235] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.235] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.269] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.269] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.427] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0285.427] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0285.428] TranslateMessage (lpMsg=0x165c14) returned 0 [0285.428] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0285.428] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.437] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.437] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.452] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.452] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.469] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.469] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0285.576] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0285.576] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.344] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0286.344] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0286.344] TranslateMessage (lpMsg=0x165c14) returned 0 [0286.344] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0286.344] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.361] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.361] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.386] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.386] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.409] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.409] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.438] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.438] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.453] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.453] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.486] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0286.487] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0286.487] TranslateMessage (lpMsg=0x165c14) returned 0 [0286.487] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0286.487] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.515] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.515] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.530] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.530] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.548] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.548] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.561] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.561] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.577] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.577] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.606] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.606] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.628] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.628] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.642] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.642] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.659] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.659] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.673] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.673] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.689] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.689] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.702] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.702] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.720] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.720] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.736] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.736] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.769] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.769] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.799] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.799] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.834] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.834] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.863] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.863] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.891] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.891] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.908] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.908] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.923] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.923] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.938] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.938] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0286.973] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0286.973] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.002] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0287.002] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0287.002] TranslateMessage (lpMsg=0x165c14) returned 0 [0287.002] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0287.002] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.017] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.017] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.034] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.034] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.049] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.049] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.075] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.075] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.096] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.097] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.127] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.127] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.141] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.141] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.158] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.159] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.171] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.171] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.189] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.189] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.202] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.202] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.235] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.235] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.402] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.402] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.423] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.423] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.439] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.439] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.455] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.484] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.484] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.508] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.508] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.533] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0287.533] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0287.533] TranslateMessage (lpMsg=0x165c14) returned 0 [0287.533] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0287.533] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.546] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.546] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.562] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.562] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.577] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.577] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.593] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.593] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.610] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.610] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.642] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.642] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.673] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.673] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.723] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.724] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.735] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.735] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.772] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.772] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.793] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.793] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.812] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.812] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.830] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.830] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.844] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.844] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.860] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.860] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.897] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.897] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.927] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.927] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.953] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.953] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.970] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.970] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0287.984] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0287.984] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.025] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.025] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.055] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.055] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.080] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0288.080] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0288.081] TranslateMessage (lpMsg=0x165c14) returned 0 [0288.081] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0288.081] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.094] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.094] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.112] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.112] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.126] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.126] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.154] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.154] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.183] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.183] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.206] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.206] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.218] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.219] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.235] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.235] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.249] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.250] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.265] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.265] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.289] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.289] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.316] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.316] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.327] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.327] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.343] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.343] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.359] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.359] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.375] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.375] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.401] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.401] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.421] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.421] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.439] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.439] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.461] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.461] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.469] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.469] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.556] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.556] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.561] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.562] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.577] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.577] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.593] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.593] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.612] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0288.612] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0288.612] TranslateMessage (lpMsg=0x165c14) returned 0 [0288.612] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0288.612] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.625] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.625] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.640] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.641] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.660] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.660] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.672] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.672] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.687] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.687] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.703] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.703] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.720] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.720] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.734] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.734] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.750] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.750] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.768] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.768] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.780] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.780] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.798] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.798] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.812] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.812] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.845] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.845] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.862] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.862] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.877] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.877] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.892] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.892] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.905] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.905] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.922] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.922] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.939] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.939] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0288.955] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0288.955] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.004] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.004] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.017] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.017] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.046] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.046] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.064] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.064] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.080] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.080] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.096] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.096] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.111] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.111] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.126] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.126] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.142] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0289.142] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0289.143] TranslateMessage (lpMsg=0x165c14) returned 0 [0289.143] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0289.143] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.158] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.158] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.172] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.172] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.189] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.189] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.202] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.202] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.220] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.220] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.237] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.237] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.251] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.251] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.266] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.266] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.283] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.284] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.314] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.314] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.330] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.330] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.345] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.345] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.361] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.361] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.376] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.376] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.406] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.406] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.424] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.424] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.437] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.437] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.455] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.455] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.471] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.471] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.485] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.485] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.503] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.503] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.600] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.600] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.609] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.609] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.624] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.624] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.640] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.640] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.655] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.655] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.674] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0289.674] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0289.674] TranslateMessage (lpMsg=0x165c14) returned 0 [0289.674] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0289.675] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.688] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.688] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.706] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.706] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.720] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.720] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.735] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.735] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.751] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.751] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.767] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.767] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.783] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.783] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.798] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.798] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.815] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.815] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.830] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.830] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.845] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.845] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.861] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.861] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.874] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.874] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.892] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.893] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.908] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.908] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.925] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.925] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.937] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.937] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.955] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.955] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.970] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.970] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0289.985] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0289.985] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.001] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.001] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.017] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.017] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.081] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.081] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.094] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.094] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.114] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.114] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.124] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.124] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.141] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.141] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.158] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.158] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.173] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.173] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.189] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.189] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.203] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0290.204] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0290.204] TranslateMessage (lpMsg=0x165c14) returned 0 [0290.204] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0290.204] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.224] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.224] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.238] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.238] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.257] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.257] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.271] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.271] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.285] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.286] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.300] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.300] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.320] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.320] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.333] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.333] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.348] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.348] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.363] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.363] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.379] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.379] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.406] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.406] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.427] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.428] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.441] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.441] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.459] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.459] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.472] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.472] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.490] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.490] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.580] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.580] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.584] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.584] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.598] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.598] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.614] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.614] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.631] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.631] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.646] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.646] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.661] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.661] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.677] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.677] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.694] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.694] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.707] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.707] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.726] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0290.726] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0290.726] TranslateMessage (lpMsg=0x165c14) returned 0 [0290.726] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0290.727] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.751] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.751] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.754] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.754] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.772] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.772] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.787] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.787] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.817] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.817] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.832] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.832] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.847] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.847] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.865] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.865] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.881] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.881] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.894] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.894] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.913] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.913] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.925] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.925] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.949] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.949] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.957] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.957] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.973] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.973] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0290.994] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0290.994] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.005] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.005] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.021] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.021] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.035] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.035] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.054] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.054] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.078] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.078] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.100] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.100] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.114] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.114] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.129] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.145] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.145] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.161] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.161] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.176] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.176] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.192] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.192] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.361] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0291.361] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0291.361] TranslateMessage (lpMsg=0x165c14) returned 0 [0291.361] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0291.362] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.365] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.365] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.409] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.409] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.428] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.428] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.444] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.444] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.459] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.459] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.473] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.473] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.490] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.490] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.578] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.578] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.581] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.581] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.598] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.598] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.616] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.616] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.630] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.630] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.645] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.645] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.660] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.660] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.687] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.687] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.709] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.709] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.725] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.725] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.740] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.740] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.764] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.764] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.782] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.782] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.803] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0291.803] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0291.803] TranslateMessage (lpMsg=0x165c14) returned 0 [0291.803] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0291.803] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.818] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.818] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.831] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.831] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.849] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.849] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.865] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.865] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.881] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.881] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.896] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.896] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.920] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.920] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.926] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.926] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.941] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.941] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0291.957] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0291.957] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.005] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.005] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.020] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.020] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.037] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.037] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.052] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.052] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.066] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.066] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.082] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.082] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.098] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.098] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.115] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.115] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.129] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.130] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.146] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.146] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.162] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.162] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.176] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.176] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.193] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.193] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.206] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.207] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.225] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.225] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.238] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.238] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.254] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.254] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.270] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.270] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.285] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.285] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.300] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.300] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.318] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.318] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.333] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0292.333] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0292.333] TranslateMessage (lpMsg=0x165c14) returned 0 [0292.333] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0292.333] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.350] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.350] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.364] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.364] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.380] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.380] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.450] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.450] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.457] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.457] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.472] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.472] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.490] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.490] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.604] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.604] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.613] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.613] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.630] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.631] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.645] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.645] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.660] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.660] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.676] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.676] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.693] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.693] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.709] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.709] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.723] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.723] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.738] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.738] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.754] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.754] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.769] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.769] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.787] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.787] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.804] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.804] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.820] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.820] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.832] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.832] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.850] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.850] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.863] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0292.863] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0292.863] TranslateMessage (lpMsg=0x165c14) returned 0 [0292.863] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0292.864] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.881] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.881] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.897] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.897] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.918] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.918] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.925] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.925] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.944] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.944] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.959] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.959] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.975] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.975] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0292.996] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0292.996] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.007] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.008] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.024] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.024] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.037] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.037] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.050] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.050] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.088] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.088] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.119] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.119] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.135] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.135] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.146] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.146] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.164] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.164] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.193] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.193] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.209] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.209] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.225] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.225] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.256] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.256] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.269] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.270] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.287] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.287] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.300] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.300] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.318] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.318] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.334] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.334] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.347] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.347] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.364] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.364] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.390] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.390] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.436] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0293.436] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0293.436] TranslateMessage (lpMsg=0x165c14) returned 0 [0293.436] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0293.436] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.452] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.452] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.477] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.477] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.489] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.489] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.506] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.506] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.627] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.627] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.630] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.630] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.677] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.677] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.691] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.691] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.707] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.707] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.723] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.723] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.738] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.738] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.754] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.754] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.785] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.785] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.800] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.800] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.816] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.816] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.831] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.831] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.847] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.847] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.868] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.868] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.890] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.890] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.897] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.897] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.913] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.913] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.925] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.925] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.942] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0293.942] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0293.942] TranslateMessage (lpMsg=0x165c14) returned 0 [0293.943] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0293.943] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.964] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.964] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.981] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.981] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0293.988] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0293.988] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.011] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.011] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.020] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.020] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.041] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.041] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.062] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.062] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.068] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.068] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.081] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.081] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.100] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.100] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.115] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.115] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.130] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.130] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.145] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.145] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0294.171] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 0 [0294.171] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0304.176] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0304.176] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0304.176] TranslateMessage (lpMsg=0x165c14) returned 0 [0304.177] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0304.177] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0314.193] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0314.193] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0314.194] TranslateMessage (lpMsg=0x165c14) returned 0 [0314.194] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0314.194] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0324.207] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0324.208] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0324.208] TranslateMessage (lpMsg=0x165c14) returned 0 [0324.208] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0324.208] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0334.210] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0334.210] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0334.210] TranslateMessage (lpMsg=0x165c14) returned 0 [0334.210] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0334.211] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0344.223] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0344.223] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0344.223] TranslateMessage (lpMsg=0x165c14) returned 0 [0344.223] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0344.223] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0354.319] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0354.319] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0354.319] TranslateMessage (lpMsg=0x165c14) returned 0 [0354.319] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0354.320] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0364.334] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0364.335] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0364.335] TranslateMessage (lpMsg=0x165c14) returned 0 [0364.335] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0364.335] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0374.402] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0374.403] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0374.403] TranslateMessage (lpMsg=0x165c14) returned 0 [0374.403] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0374.403] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0384.395] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0384.396] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0384.396] TranslateMessage (lpMsg=0x165c14) returned 0 [0384.396] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0384.396] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) returned 0x102 [0394.410] PeekMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x165c14) returned 1 [0394.411] GetMessageW (in: lpMsg=0x165c14, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x165c14) returned 1 [0394.411] TranslateMessage (lpMsg=0x165c14) returned 0 [0394.411] DispatchMessageW (lpMsg=0x165c14) returned 0x0 [0394.411] WaitForSingleObject (hHandle=0x520, dwMilliseconds=0xa) Thread: id = 107 os_tid = 0x8d4 Thread: id = 108 os_tid = 0xf04 Thread: id = 109 os_tid = 0x14c0 Thread: id = 110 os_tid = 0x4bc Thread: id = 111 os_tid = 0x1474 Thread: id = 112 os_tid = 0xc34 Thread: id = 243 os_tid = 0x15e0 Thread: id = 244 os_tid = 0x1104 Process: id = "9" image_name = "gesf.exe" filename = "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe" page_root = "0x70009000" os_pid = "0x1428" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "8" os_parent_pid = "0xd60" cmd_line = "\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " cur_dir = "C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" os_username = "PXTHFFRYO7\\OqXZRaykm" bitness = "32" os_groups = "PXTHFFRYO7\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0001bd08" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1806 start_va = 0x10000 end_va = 0x11fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1807 start_va = 0x20000 end_va = 0x3a7fff monitored = 1 entry_point = 0x2873f region_type = mapped_file name = "gesf.exe" filename = "\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") Region: id = 1808 start_va = 0x3b0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1809 start_va = 0x3d0000 end_va = 0x3ecfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 1810 start_va = 0x3f0000 end_va = 0x3f3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003f0000" filename = "" Region: id = 1811 start_va = 0x400000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1812 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1813 start_va = 0x640000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1814 start_va = 0x740000 end_va = 0x740fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 1815 start_va = 0x750000 end_va = 0x751fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 1816 start_va = 0x77d40000 end_va = 0x77ee1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1817 start_va = 0x7ffe0000 end_va = 0x7ffe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1818 start_va = 0xfffb0000 end_va = 0xfffb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffb0000" filename = "" Region: id = 1819 start_va = 0xfffc0000 end_va = 0xfffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000fffc0000" filename = "" Region: id = 1820 start_va = 0xffff0000 end_va = 0xffffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffff0000" filename = "" Region: id = 1821 start_va = 0x7fffcca30000 end_va = 0x7fffccc23fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1824 start_va = 0xfffa0000 end_va = 0xfffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fffa0000" filename = "" Region: id = 1825 start_va = 0xfff70000 end_va = 0xfff90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff70000" filename = "" Region: id = 1826 start_va = 0x760000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1827 start_va = 0x7fffcc7d0000 end_va = 0x7fffcc828fff monitored = 0 entry_point = 0x7fffcc7e8ff0 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1828 start_va = 0x7fffcba50000 end_va = 0x7fffcbad2fff monitored = 0 entry_point = 0x7fffcba5fb00 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1829 start_va = 0x77d30000 end_va = 0x77d39fff monitored = 0 entry_point = 0x77d312e0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1830 start_va = 0xfff60000 end_va = 0xfff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff60000" filename = "" Region: id = 1831 start_va = 0xfff40000 end_va = 0xfff50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000fff40000" filename = "" Region: id = 1832 start_va = 0x7f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 1833 start_va = 0x75ce0000 end_va = 0x75dcffff monitored = 0 entry_point = 0x75cff5a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1834 start_va = 0x77580000 end_va = 0x77792fff monitored = 0 entry_point = 0x77694030 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1835 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1836 start_va = 0xffe40000 end_va = 0xfff3ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000ffe40000" filename = "" Region: id = 1837 start_va = 0x7f0000 end_va = 0x8b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1838 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1839 start_va = 0x75b80000 end_va = 0x75c1efff monitored = 0 entry_point = 0x75bb85c0 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1840 start_va = 0xffa60000 end_va = 0xffe3cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\apppatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 1841 start_va = 0x3b0000 end_va = 0x3b3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003b0000" filename = "" Region: id = 1842 start_va = 0x769d0000 end_va = 0x76b63fff monitored = 0 entry_point = 0x76a09860 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1843 start_va = 0x77ab0000 end_va = 0x77ac7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "win32u.dll" filename = "\\Windows\\SysWOW64\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll") Region: id = 1844 start_va = 0x760000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1845 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1846 start_va = 0xa00000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1847 start_va = 0x767c0000 end_va = 0x767e2fff monitored = 0 entry_point = 0x767c73c0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1848 start_va = 0x774a0000 end_va = 0x7757afff monitored = 0 entry_point = 0x774ffc10 region_type = mapped_file name = "gdi32full.dll" filename = "\\Windows\\SysWOW64\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll") Region: id = 1849 start_va = 0x76740000 end_va = 0x767bafff monitored = 0 entry_point = 0x76757800 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\SysWOW64\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll") Region: id = 1850 start_va = 0x77380000 end_va = 0x7749ffff monitored = 0 entry_point = 0x773ab170 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 1851 start_va = 0x75ff0000 end_va = 0x76068fff monitored = 0 entry_point = 0x76001a00 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1852 start_va = 0x77ad0000 end_va = 0x77b8efff monitored = 0 entry_point = 0x77b05ac0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1853 start_va = 0x76c20000 end_va = 0x76c94fff monitored = 0 entry_point = 0x76c3f710 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1854 start_va = 0x75c20000 end_va = 0x75cd9fff monitored = 0 entry_point = 0x75c5a2c0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1856 start_va = 0x76ca0000 end_va = 0x76d3afff monitored = 0 entry_point = 0x76cd5a20 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1857 start_va = 0x777e0000 end_va = 0x77a5ffff monitored = 0 entry_point = 0x7791a960 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1858 start_va = 0x76090000 end_va = 0x76636fff monitored = 0 entry_point = 0x76209e50 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1859 start_va = 0x752b0000 end_va = 0x752b7fff monitored = 0 entry_point = 0x752b1800 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1860 start_va = 0x700a0000 end_va = 0x700f1fff monitored = 1 entry_point = 0x700cf100 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1861 start_va = 0x3c0000 end_va = 0x3c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003c0000" filename = "" Region: id = 1862 start_va = 0x7a0000 end_va = 0x7c2fff monitored = 0 entry_point = 0x7a4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1863 start_va = 0xb00000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b00000" filename = "" Region: id = 1864 start_va = 0x75ec0000 end_va = 0x75ee4fff monitored = 0 entry_point = 0x75ec4410 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1865 start_va = 0xd00000 end_va = 0xe80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d00000" filename = "" Region: id = 1866 start_va = 0xe90000 end_va = 0x2290fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e90000" filename = "" Region: id = 1867 start_va = 0x22a0000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1868 start_va = 0x7a0000 end_va = 0x7a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007a0000" filename = "" Region: id = 1869 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 1870 start_va = 0x7c0000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007c0000" filename = "" Region: id = 1871 start_va = 0x22a0000 end_va = 0x2381fff monitored = 0 entry_point = 0x22cc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1872 start_va = 0x2460000 end_va = 0x246ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002460000" filename = "" Region: id = 1873 start_va = 0x22a0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1874 start_va = 0x7fff0000 end_va = 0x7fffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1875 start_va = 0x80000000 end_va = 0x8000ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000080000000" filename = "" Region: id = 1877 start_va = 0x77290000 end_va = 0x77372fff monitored = 0 entry_point = 0x772bc600 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1878 start_va = 0x2300000 end_va = 0x238afff monitored = 0 entry_point = 0x2367340 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll") Region: id = 1879 start_va = 0x703e0000 end_va = 0x7046cfff monitored = 0 entry_point = 0x70447340 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll") Region: id = 1880 start_va = 0x22a0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1881 start_va = 0x22f0000 end_va = 0x22fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022f0000" filename = "" Region: id = 1882 start_va = 0x70090000 end_va = 0x70095fff monitored = 0 entry_point = 0x700915c0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 1883 start_va = 0x76bd0000 end_va = 0x76c14fff monitored = 0 entry_point = 0x76be7870 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1884 start_va = 0x2300000 end_va = 0x23fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002300000" filename = "" Region: id = 1885 start_va = 0x2470000 end_va = 0x2517fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 1894 start_va = 0x2520000 end_va = 0x261ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002520000" filename = "" Region: id = 1908 start_va = 0x7d0000 end_va = 0x7d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 1909 start_va = 0x8c0000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 1912 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 1915 start_va = 0x74e80000 end_va = 0x74ef3fff monitored = 0 entry_point = 0x74eb7550 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1916 start_va = 0x2620000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 1917 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1918 start_va = 0x26f0000 end_va = 0x27d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000026f0000" filename = "" Region: id = 1919 start_va = 0x8e0000 end_va = 0x8e3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1920 start_va = 0x8f0000 end_va = 0x8f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1922 start_va = 0x22a0000 end_va = 0x22a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 1923 start_va = 0x22e0000 end_va = 0x22effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022e0000" filename = "" Region: id = 1925 start_va = 0x22b0000 end_va = 0x22b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022b0000" filename = "" Region: id = 1926 start_va = 0x27e0000 end_va = 0x29c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 1927 start_va = 0x29d0000 end_va = 0x2d07fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1928 start_va = 0x733d0000 end_va = 0x739d2fff monitored = 0 entry_point = 0x735aae30 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1929 start_va = 0x733a0000 end_va = 0x733c2fff monitored = 0 entry_point = 0x733a8580 region_type = mapped_file name = "wldp.dll" filename = "\\Windows\\SysWOW64\\wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll") Region: id = 1930 start_va = 0x76640000 end_va = 0x766c6fff monitored = 0 entry_point = 0x76682d70 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1931 start_va = 0x22c0000 end_va = 0x22c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022c0000" filename = "" Region: id = 1932 start_va = 0x72f20000 end_va = 0x72f37fff monitored = 0 entry_point = 0x72f2a250 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1935 start_va = 0x22d0000 end_va = 0x22d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1936 start_va = 0x2400000 end_va = 0x240afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1937 start_va = 0x22d0000 end_va = 0x22d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1938 start_va = 0x2400000 end_va = 0x240afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 1939 start_va = 0x73c00000 end_va = 0x73c20fff monitored = 0 entry_point = 0x73c0ca40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1940 start_va = 0x2400000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 1941 start_va = 0x27e0000 end_va = 0x28dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 1942 start_va = 0x2940000 end_va = 0x29c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002940000" filename = "" Region: id = 1944 start_va = 0x2620000 end_va = 0x265ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002620000" filename = "" Region: id = 1945 start_va = 0x26e0000 end_va = 0x26effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026e0000" filename = "" Region: id = 1946 start_va = 0x2d10000 end_va = 0x2e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 1947 start_va = 0x70000000 end_va = 0x7008cfff monitored = 1 entry_point = 0x70012870 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1948 start_va = 0x758f0000 end_va = 0x758fefff monitored = 0 entry_point = 0x758f4830 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1949 start_va = 0x6f850000 end_va = 0x6fffffff monitored = 1 entry_point = 0x6f86d1d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1950 start_va = 0x6f830000 end_va = 0x6f843fff monitored = 0 entry_point = 0x6f83ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 1951 start_va = 0x6f780000 end_va = 0x6f82afff monitored = 0 entry_point = 0x6f815f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 1952 start_va = 0x22d0000 end_va = 0x22d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000022d0000" filename = "" Region: id = 1954 start_va = 0x2440000 end_va = 0x244ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002440000" filename = "" Region: id = 1955 start_va = 0x2450000 end_va = 0x245ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 1956 start_va = 0x2470000 end_va = 0x247ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 1957 start_va = 0x2490000 end_va = 0x2517fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002490000" filename = "" Region: id = 1958 start_va = 0x2480000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1959 start_va = 0x2660000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002660000" filename = "" Region: id = 1960 start_va = 0x2670000 end_va = 0x267ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002670000" filename = "" Region: id = 1961 start_va = 0x2680000 end_va = 0x2680fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 1962 start_va = 0x2690000 end_va = 0x2690fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002690000" filename = "" Region: id = 1963 start_va = 0x2e10000 end_va = 0x2f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1964 start_va = 0x28e0000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1965 start_va = 0x26a0000 end_va = 0x26dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000026a0000" filename = "" Region: id = 1966 start_va = 0x2e10000 end_va = 0x2f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1967 start_va = 0x2f20000 end_va = 0x2f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f20000" filename = "" Region: id = 1968 start_va = 0x28e0000 end_va = 0x28effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1969 start_va = 0x2930000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002930000" filename = "" Region: id = 1970 start_va = 0x2f30000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f30000" filename = "" Region: id = 1971 start_va = 0x4f30000 end_va = 0x4fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f30000" filename = "" Region: id = 1972 start_va = 0x28e0000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028e0000" filename = "" Region: id = 1973 start_va = 0x4fd0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 1974 start_va = 0x6e370000 end_va = 0x6f77dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll") Region: id = 1975 start_va = 0x2920000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002920000" filename = "" Region: id = 1976 start_va = 0x77230000 end_va = 0x7728bfff monitored = 0 entry_point = 0x77260900 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1977 start_va = 0x2f10000 end_va = 0x2f16fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 1978 start_va = 0x50d0000 end_va = 0x50dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050d0000" filename = "" Region: id = 1979 start_va = 0x6e2e0000 end_va = 0x6e368fff monitored = 1 entry_point = 0x6e2e1130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1980 start_va = 0x50e0000 end_va = 0x50effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 1981 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1983 start_va = 0x50f0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1984 start_va = 0x6d880000 end_va = 0x6e2d6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll") Region: id = 1985 start_va = 0x6d060000 end_va = 0x6d877fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll") Region: id = 1986 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1987 start_va = 0x51e0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 1988 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1989 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1990 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1991 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 1996 start_va = 0x6cf30000 end_va = 0x6d05ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\b7ea621a99f428c18af898966b979326\\system.management.ni.dll") Region: id = 1998 start_va = 0x50f0000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 2000 start_va = 0x51f0000 end_va = 0x52effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 2002 start_va = 0x50f0000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050f0000" filename = "" Region: id = 2003 start_va = 0x52f0000 end_va = 0x53effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 2004 start_va = 0x5130000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2005 start_va = 0x53f0000 end_va = 0x54effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053f0000" filename = "" Region: id = 2006 start_va = 0x5170000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2007 start_va = 0x54f0000 end_va = 0x55effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054f0000" filename = "" Region: id = 2008 start_va = 0x6cf00000 end_va = 0x6cf20fff monitored = 1 entry_point = 0x6cf098e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2010 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2011 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2012 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2013 start_va = 0xffdf0000 end_va = 0xffe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffdf0000" filename = "" Region: id = 2014 start_va = 0xffde0000 end_va = 0xffdeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000ffde0000" filename = "" Region: id = 2016 start_va = 0x51b0000 end_va = 0x51b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051b0000" filename = "" Region: id = 2017 start_va = 0x77c90000 end_va = 0x77d0dfff monitored = 0 entry_point = 0x77cfbd50 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2018 start_va = 0x51c0000 end_va = 0x51c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051c0000" filename = "" Region: id = 2019 start_va = 0x6cee0000 end_va = 0x6cefcfff monitored = 0 entry_point = 0x6ceea8a0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2020 start_va = 0x6ce70000 end_va = 0x6ced8fff monitored = 0 entry_point = 0x6ce8c930 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2021 start_va = 0x6ce60000 end_va = 0x6ce6cfff monitored = 0 entry_point = 0x6ce63550 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2022 start_va = 0x766d0000 end_va = 0x76732fff monitored = 0 entry_point = 0x766d4b40 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2582 start_va = 0x51d0000 end_va = 0x51d1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051d0000" filename = "" Region: id = 2583 start_va = 0x6ce50000 end_va = 0x6ce5ffff monitored = 0 entry_point = 0x6ce590e0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2845 start_va = 0x6cd80000 end_va = 0x6ce48fff monitored = 0 entry_point = 0x6cdb42f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2846 start_va = 0x6cd70000 end_va = 0x6cd7ffff monitored = 0 entry_point = 0x6cd78cd0 region_type = mapped_file name = "amsi.dll" filename = "\\Windows\\SysWOW64\\amsi.dll" (normalized: "c:\\windows\\syswow64\\amsi.dll") Region: id = 2847 start_va = 0x75280000 end_va = 0x752a4fff monitored = 0 entry_point = 0x75288820 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2848 start_va = 0x6cd30000 end_va = 0x6cd67fff monitored = 0 entry_point = 0x6cd53160 region_type = mapped_file name = "mpoav.dll" filename = "\\Program Files (x86)\\Windows Defender\\MpOAV.dll" (normalized: "c:\\program files (x86)\\windows defender\\mpoav.dll") Region: id = 2854 start_va = 0x51d0000 end_va = 0x51d2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000051d0000" filename = "" Region: id = 2865 start_va = 0x55f0000 end_va = 0x562ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055f0000" filename = "" Region: id = 2866 start_va = 0x5c10000 end_va = 0x6227fff monitored = 1 entry_point = 0x6200a12 region_type = mapped_file name = "system.servicemodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") Region: id = 2867 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 2868 start_va = 0x5630000 end_va = 0x563ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005630000" filename = "" Region: id = 2869 start_va = 0x5640000 end_va = 0x564ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005640000" filename = "" Region: id = 2870 start_va = 0x5650000 end_va = 0x565ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005650000" filename = "" Region: id = 2871 start_va = 0x5660000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005660000" filename = "" Region: id = 2872 start_va = 0x5660000 end_va = 0x566ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005660000" filename = "" Region: id = 2873 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2875 start_va = 0x6cd10000 end_va = 0x6cd2ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "smdiagnostics.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\a076de95458faf301b0890a85642988b\\smdiagnostics.ni.dll") Region: id = 2876 start_va = 0x72cf0000 end_va = 0x72d02fff monitored = 0 entry_point = 0x72cf5d30 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2877 start_va = 0x716e0000 end_va = 0x7170efff monitored = 0 entry_point = 0x716ebb00 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2878 start_va = 0x76070000 end_va = 0x76088fff monitored = 0 entry_point = 0x760793e0 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2879 start_va = 0x73b90000 end_va = 0x73b99fff monitored = 0 entry_point = 0x73b92a60 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2880 start_va = 0x5680000 end_va = 0x577ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005680000" filename = "" Region: id = 2881 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2882 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2883 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2884 start_va = 0x5890000 end_va = 0x5999fff monitored = 1 entry_point = 0x5994a8e region_type = mapped_file name = "system.identitymodel.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") Region: id = 2885 start_va = 0x5780000 end_va = 0x578ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005780000" filename = "" Region: id = 2886 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2887 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2889 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2890 start_va = 0x5670000 end_va = 0x567ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2891 start_va = 0x5790000 end_va = 0x57a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005790000" filename = "" Region: id = 2892 start_va = 0x6cc00000 end_va = 0x6cd04fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll") Region: id = 2893 start_va = 0x6c480000 end_va = 0x6cbf3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll") Region: id = 2895 start_va = 0x75f50000 end_va = 0x75f55fff monitored = 0 entry_point = 0x75f514d0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2896 start_va = 0x6c3a0000 end_va = 0x6c478fff monitored = 0 entry_point = 0x6c3afe40 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2897 start_va = 0x6c370000 end_va = 0x6c39afff monitored = 0 entry_point = 0x6c373290 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2898 start_va = 0x6c350000 end_va = 0x6c360fff monitored = 0 entry_point = 0x6c3537e0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2899 start_va = 0x72e90000 end_va = 0x72ee1fff monitored = 0 entry_point = 0x72e99e70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2900 start_va = 0x59a0000 end_va = 0x5adefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 2901 start_va = 0x57b0000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057b0000" filename = "" Region: id = 2902 start_va = 0x5ae0000 end_va = 0x5bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ae0000" filename = "" Region: id = 2903 start_va = 0x5670000 end_va = 0x5673fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005670000" filename = "" Region: id = 2905 start_va = 0x57f0000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 2906 start_va = 0x6230000 end_va = 0x632ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006230000" filename = "" Region: id = 2907 start_va = 0x751b0000 end_va = 0x75272fff monitored = 0 entry_point = 0x751f8980 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2908 start_va = 0x72ef0000 end_va = 0x72f01fff monitored = 0 entry_point = 0x72ef4620 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 2909 start_va = 0x72e50000 end_va = 0x72e81fff monitored = 0 entry_point = 0x72e5c340 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2910 start_va = 0x769c0000 end_va = 0x769c6fff monitored = 0 entry_point = 0x769c1d30 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2911 start_va = 0x6c330000 end_va = 0x6c343fff monitored = 0 entry_point = 0x6c332f20 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2912 start_va = 0x6c310000 end_va = 0x6c325fff monitored = 0 entry_point = 0x6c3142f0 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2913 start_va = 0x5830000 end_va = 0x586ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005830000" filename = "" Region: id = 2914 start_va = 0x6330000 end_va = 0x642ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006330000" filename = "" Region: id = 2915 start_va = 0x5870000 end_va = 0x5870fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2916 start_va = 0x5870000 end_va = 0x5870fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2917 start_va = 0x5870000 end_va = 0x5870fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2918 start_va = 0x71230000 end_va = 0x712bffff monitored = 0 entry_point = 0x71242f70 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2919 start_va = 0x72e40000 end_va = 0x72e47fff monitored = 0 entry_point = 0x72e42220 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2920 start_va = 0x71190000 end_va = 0x71197fff monitored = 0 entry_point = 0x71191960 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2921 start_va = 0x711d0000 end_va = 0x71227fff monitored = 0 entry_point = 0x711e91a0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2923 start_va = 0x70910000 end_va = 0x70919fff monitored = 0 entry_point = 0x70911820 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2924 start_va = 0x71110000 end_va = 0x71187fff monitored = 0 entry_point = 0x711342d0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2925 start_va = 0x71100000 end_va = 0x7110ffff monitored = 0 entry_point = 0x711031d0 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 2926 start_va = 0x710d0000 end_va = 0x710f7fff monitored = 0 entry_point = 0x710e5950 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 2927 start_va = 0x710a0000 end_va = 0x710c0fff monitored = 0 entry_point = 0x710a8730 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2928 start_va = 0x71080000 end_va = 0x7109efff monitored = 0 entry_point = 0x71089bf0 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 2929 start_va = 0x77b90000 end_va = 0x77c8efff monitored = 0 entry_point = 0x77be54d0 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2930 start_va = 0x71710000 end_va = 0x7171dfff monitored = 0 entry_point = 0x71715690 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2931 start_va = 0x6430000 end_va = 0x646ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006430000" filename = "" Region: id = 2932 start_va = 0x6470000 end_va = 0x656ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 2933 start_va = 0x5870000 end_va = 0x5879fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 2934 start_va = 0x6c200000 end_va = 0x6c304fff monitored = 1 entry_point = 0x6c239680 region_type = mapped_file name = "diasymreader.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\diasymreader.dll") Region: id = 2937 start_va = 0x6570000 end_va = 0x65affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 2938 start_va = 0x65b0000 end_va = 0x65effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000065b0000" filename = "" Region: id = 2939 start_va = 0x5880000 end_va = 0x5881fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005880000" filename = "" Region: id = 2942 start_va = 0x5880000 end_va = 0x5881fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005880000" filename = "" Thread: id = 113 os_tid = 0xfe0 [0233.561] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteCriticalSection") returned 0x77d8f880 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="LeaveCriticalSection") returned 0x77d7dd40 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="EnterCriticalSection") returned 0x77d7e820 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="InitializeCriticalSection") returned 0x77d9ddb0 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualFree") returned 0x75cff420 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualAlloc") returned 0x75cff320 [0233.561] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalFree") returned 0x75cff490 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75d003c0 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTickCount") returned 0x75d02300 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="QueryPerformanceCounter") returned 0x75cfdea0 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVersion") returned 0x75d018d0 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentThreadId") returned 0x75cfde70 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="InterlockedDecrement") returned 0x75cfe7c0 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="InterlockedIncrement") returned 0x75cfe740 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualQuery") returned 0x75cff4d0 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="WideCharToMultiByte") returned 0x75cfdf50 [0233.562] GetProcAddress (hModule=0x75ce0000, lpProcName="MultiByteToWideChar") returned 0x75cfdee0 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrlenA") returned 0x75d003a0 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcpynA") returned 0x75cf9260 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExA") returned 0x75d01580 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetThreadLocale") returned 0x75cf8930 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetStartupInfoA") returned 0x75d00be0 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcAddress") returned 0x75cff4b0 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandleA") returned 0x75d009c0 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleFileNameA") returned 0x75d00d90 [0233.563] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLocaleInfoA") returned 0x75cf8370 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCommandLineA") returned 0x75d01e40 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="FreeLibrary") returned 0x75d00a40 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="FindFirstFileA") returned 0x75d03140 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="FindClose") returned 0x75d03100 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="ExitProcess") returned 0x75d04060 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="ExitThread") returned 0x77d9ad80 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateThread") returned 0x75d00e70 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="WriteFile") returned 0x75d03510 [0233.564] GetProcAddress (hModule=0x75ce0000, lpProcName="UnhandledExceptionFilter") returned 0x75d14f30 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="RtlUnwind") returned 0x75d00520 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="RaiseException") returned 0x75d00510 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="GetStdHandle") returned 0x75d01660 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="TlsSetValue") returned 0x75cfdf10 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="TlsGetValue") returned 0x75cfde80 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="TlsFree") returned 0x75d00ed0 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="TlsAlloc") returned 0x75d010a0 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcpyA") returned 0x75cf8320 [0233.565] GetProcAddress (hModule=0x75ce0000, lpProcName="lstrcmpA") returned 0x75cff440 [0233.566] GetProcAddress (hModule=0x75ce0000, lpProcName="WriteProcessMemory") returned 0x75d15250 [0233.566] GetProcAddress (hModule=0x75ce0000, lpProcName="WritePrivateProfileStringW") returned 0x75cf9580 [0233.566] GetProcAddress (hModule=0x75ce0000, lpProcName="WritePrivateProfileStringA") returned 0x75cf8d00 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="WaitForSingleObject") returned 0x75d03030 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualUnlock") returned 0x75cf96b0 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualProtectEx") returned 0x75d15040 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualProtect") returned 0x75d00420 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualLock") returned 0x75cf9280 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualAllocEx") returned 0x75d15000 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="UnmapViewOfFile") returned 0x75d00530 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="TerminateThread") returned 0x75d14ec0 [0233.567] GetProcAddress (hModule=0x75ce0000, lpProcName="SystemTimeToFileTime") returned 0x75d01080 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SuspendThread") returned 0x75d14ea0 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="Sleep") returned 0x75d00e60 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SizeofResource") returned 0x75d003e0 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetThreadPriority") returned 0x75d00620 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetThreadLocale") returned 0x75cf87c0 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetThreadContext") returned 0x75d14d30 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetLastError") returned 0x75cfdf00 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFileTime") returned 0x75d034d0 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFilePointer") returned 0x75d034b0 [0233.568] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFileAttributesW") returned 0x75d03490 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFileAttributesA") returned 0x75d03480 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetEvent") returned 0x75d02fe0 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetErrorMode") returned 0x75d00570 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetEnvironmentVariableA") returned 0x75d14b70 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetEndOfFile") returned 0x75d03470 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetCurrentDirectoryW") returned 0x75cf8f10 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="SetCurrentDirectoryA") returned 0x75d14b10 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="ResumeThread") returned 0x75d01850 [0233.569] GetProcAddress (hModule=0x75ce0000, lpProcName="ResetEvent") returned 0x75d02fd0 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="RemoveDirectoryW") returned 0x75d03460 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="RemoveDirectoryA") returned 0x75d03450 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="ReadProcessMemory") returned 0x75d14480 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="ReadFile") returned 0x75d03420 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="QueryDosDeviceW") returned 0x75d03410 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="PostQueuedCompletionStatus") returned 0x75d021c0 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="OpenProcess") returned 0x75d00590 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="MulDiv") returned 0x75d02c90 [0233.570] GetProcAddress (hModule=0x75ce0000, lpProcName="MapViewOfFileEx") returned 0x75d010d0 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="MapViewOfFile") returned 0x75cff4f0 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="LockResource") returned 0x75cff2a0 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadResource") returned 0x75cfe7a0 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExW") returned 0x75cff300 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryW") returned 0x75d01620 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryA") returned 0x75d00b30 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="IsBadWritePtr") returned 0x75cf0010 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="IsBadStringPtrW") returned 0x75cf4c30 [0233.571] GetProcAddress (hModule=0x75ce0000, lpProcName="IsBadReadPtr") returned 0x75cf0100 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapDestroy") returned 0x75d00b50 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapCreate") returned 0x75d009a0 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="HeapAlloc") returned 0x77d852c0 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalUnlock") returned 0x75cfe030 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalReAlloc") returned 0x75cff100 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalHandle") returned 0x75cf7d40 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalLock") returned 0x75cfe0e0 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalFree") returned 0x75cfff20 [0233.572] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalFindAtomA") returned 0x75cf6150 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalDeleteAtom") returned 0x75d00df0 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalAlloc") returned 0x75d00550 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalAddAtomA") returned 0x75cfb470 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetWindowsDirectoryW") returned 0x75cf9890 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetWindowsDirectoryA") returned 0x75d01cb0 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVolumeInformationA") returned 0x75d03390 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVersionExA") returned 0x75d016c0 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTimeZoneInformation") returned 0x75d01c20 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetThreadPriority") returned 0x75d009e0 [0233.573] GetProcAddress (hModule=0x75ce0000, lpProcName="GetThreadContext") returned 0x75d138e0 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTempPathW") returned 0x75d03380 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTempPathA") returned 0x75d03370 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTempFileNameW") returned 0x75d03360 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTempFileNameA") returned 0x75d03350 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetSystemInfo") returned 0x75d01870 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetSystemDirectoryW") returned 0x75d01010 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetSystemDirectoryA") returned 0x75cf83e0 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetStringTypeExW") returned 0x75cf1f40 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetStringTypeExA") returned 0x75cf9830 [0233.574] GetProcAddress (hModule=0x75ce0000, lpProcName="GetPrivateProfileStringW") returned 0x75cf13c0 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetPrivateProfileStringA") returned 0x75cfb490 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandleW") returned 0x75d00db0 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleFileNameW") returned 0x75d00860 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLogicalDriveStringsW") returned 0x75d03340 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLocaleInfoW") returned 0x75d00600 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLocalTime") returned 0x75d00ac0 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLastError") returned 0x75cfdf70 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFullPathNameW") returned 0x75d03330 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFullPathNameA") returned 0x75d03320 [0233.575] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileSize") returned 0x75d032c0 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesW") returned 0x75d032a0 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesA") returned 0x75d03270 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetExitCodeThread") returned 0x75d02040 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDriveTypeA") returned 0x75d03250 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDiskFreeSpaceA") returned 0x75d03210 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDateFormatA") returned 0x75d134b0 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentThread") returned 0x75cfe710 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcessId") returned 0x75d02df0 [0233.576] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcess") returned 0x75d02de0 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentDirectoryW") returned 0x75cf8a40 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentDirectoryA") returned 0x75d13490 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetComputerNameW") returned 0x75d01300 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetComputerNameA") returned 0x75cf8fe0 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCommandLineW") returned 0x75d01cd0 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCPInfo") returned 0x75d01490 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="GetACP") returned 0x75d00320 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="FreeResource") returned 0x75d01160 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="InterlockedExchange") returned 0x75cf2e40 [0233.577] GetProcAddress (hModule=0x75ce0000, lpProcName="FormatMessageW") returned 0x75d01b20 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FormatMessageA") returned 0x75cf8b90 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FlushInstructionCache") returned 0x75d00eb0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FindResourceW") returned 0x75cf1f60 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FindResourceA") returned 0x75cf2eb0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FindNextFileW") returned 0x75d031d0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FindNextFileA") returned 0x75d031b0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FindFirstFileW") returned 0x75d03180 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FileTimeToLocalFileTime") returned 0x75d030f0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="FileTimeToDosDateTime") returned 0x75cfbae0 [0233.578] GetProcAddress (hModule=0x75ce0000, lpProcName="EnumCalendarInfoA") returned 0x75cf9210 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="DeviceIoControl") returned 0x75cff530 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileW") returned 0x75d030d0 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteFileA") returned 0x75d030c0 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateMutexA") returned 0x75d02ed0 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileMappingW") returned 0x75d00400 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileMappingA") returned 0x75cf16b0 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileW") returned 0x75d030a0 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileA") returned 0x75d03090 [0233.579] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateEventA") returned 0x75d02e90 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateDirectoryW") returned 0x75d03070 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateDirectoryA") returned 0x75d03060 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="CompareStringW") returned 0x75cfdf30 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="CompareStringA") returned 0x75cf7ca0 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="CloseHandle") returned 0x75d02e40 [0233.580] GetProcAddress (hModule=0x75ce0000, lpProcName="IsBadStringPtrA") returned 0x75cf1600 [0233.580] GetModuleHandleA (lpModuleName="user32.dll") returned 0x769d0000 [0233.580] GetProcAddress (hModule=0x769d0000, lpProcName="GetKeyboardType") returned 0x76a5cea0 [0233.580] GetProcAddress (hModule=0x769d0000, lpProcName="LoadStringA") returned 0x769f2260 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="MessageBoxA") returned 0x76a4d7d0 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="CharNextA") returned 0x769f09f0 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="CreateWindowExW") returned 0x769fc700 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="CreateWindowExA") returned 0x769f5610 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="WindowFromPoint") returned 0x76a0f390 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="WinHelpA") returned 0x769f85e0 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="WaitMessage") returned 0x76a0f360 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="VkKeyScanW") returned 0x769f7550 [0233.581] GetProcAddress (hModule=0x769d0000, lpProcName="UpdateWindow") returned 0x76a01940 [0233.629] GetProcAddress (hModule=0x769d0000, lpProcName="UnregisterClassW") returned 0x769fc5a0 [0233.629] GetProcAddress (hModule=0x769d0000, lpProcName="UnregisterClassA") returned 0x769f62c0 [0233.629] GetProcAddress (hModule=0x769d0000, lpProcName="UnhookWindowsHookEx") returned 0x76a0d250 [0233.629] GetProcAddress (hModule=0x769d0000, lpProcName="TranslateMessage") returned 0x76a07060 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="TranslateMDISysAccel") returned 0x76a4b200 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="TrackPopupMenu") returned 0x76a4b830 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="SystemParametersInfoA") returned 0x769f4f70 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="ShowWindow") returned 0x76a0f1f0 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="ShowScrollBar") returned 0x76a0f1d0 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="ShowOwnedPopups") returned 0x769f9390 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="ShowCursor") returned 0x76a0f1c0 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowsHookExW") returned 0x76a0c8e0 [0233.630] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowsHookExA") returned 0x769f7df0 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowTextW") returned 0x76a073a0 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowTextA") returned 0x769f4110 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowPos") returned 0x76a0f190 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowPlacement") returned 0x76a0f180 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowLongW") returned 0x75bb5730 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetWindowLongA") returned 0x769f51b0 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetTimer") returned 0x76a0b700 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetScrollRange") returned 0x769ea2f0 [0233.631] GetProcAddress (hModule=0x769d0000, lpProcName="SetScrollPos") returned 0x769e9d70 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetScrollInfo") returned 0x769ec300 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetRect") returned 0x76a0b590 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetPropA") returned 0x769f55a0 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetParent") returned 0x76a0d1a0 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetMenuItemInfoW") returned 0x769ed2b0 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetMenuItemInfoA") returned 0x76a612b0 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetMenu") returned 0x769f9030 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetForegroundWindow") returned 0x76a0d290 [0233.632] GetProcAddress (hModule=0x769d0000, lpProcName="SetFocus") returned 0x76a0ef80 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SetCursor") returned 0x76a0da7c [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SetClassLongA") returned 0x769f8d30 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SetCapture") returned 0x76a0ee80 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SetActiveWindow") returned 0x76a0ee30 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SendMessageW") returned 0x76a02680 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="SendMessageA") returned 0x769f1370 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="ScrollWindow") returned 0x769f7570 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="ScreenToClient") returned 0x76a05ab0 [0233.633] GetProcAddress (hModule=0x769d0000, lpProcName="RemovePropA") returned 0x769f66e0 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RemoveMenu") returned 0x76a0ed90 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="ReleaseDC") returned 0x75baa2b0 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="ReleaseCapture") returned 0x769f6200 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RegisterWindowMessageA") returned 0x76a0b160 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RegisterClipboardFormatA") returned 0x76a0b160 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RegisterClassW") returned 0x769fc6b0 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RegisterClassA") returned 0x769ef1e0 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="RedrawWindow") returned 0x75bb5c30 [0233.634] GetProcAddress (hModule=0x769d0000, lpProcName="PtInRect") returned 0x769f1480 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="PostQuitMessage") returned 0x76a0d420 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="PostMessageW") returned 0x76a025d0 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="PostMessageA") returned 0x769f0ad0 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="PeekMessageA") returned 0x769ed060 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="OffsetRect") returned 0x76a07450 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="OemToCharA") returned 0x76a4fe00 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="MsgWaitForMultipleObjects") returned 0x76a08e10 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="MessageBoxW") returned 0x76a4dc10 [0233.635] GetProcAddress (hModule=0x769d0000, lpProcName="MapWindowPoints") returned 0x76a01990 [0233.636] GetProcAddress (hModule=0x769d0000, lpProcName="MapVirtualKeyW") returned 0x769f7fd0 [0233.636] GetProcAddress (hModule=0x769d0000, lpProcName="MapVirtualKeyA") returned 0x769f7c30 [0233.636] GetProcAddress (hModule=0x769d0000, lpProcName="LoadKeyboardLayoutA") returned 0x76a5d380 [0233.636] GetProcAddress (hModule=0x769d0000, lpProcName="LoadIconA") returned 0x769f6d30 [0233.637] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x75ff0000 [0233.637] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76ca0000 [0233.637] GetModuleHandleA (lpModuleName="version.dll") returned 0x752b0000 [0233.637] GetModuleHandleA (lpModuleName="gdi32.dll") returned 0x767c0000 [0233.637] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x76090000 [0233.637] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x0 [0233.637] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x77290000 [0234.599] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x0 [0234.664] LoadLibraryA (lpLibFileName="comctl32.dll") returned 0x703e0000 [0234.674] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0234.674] GetModuleHandleA (lpModuleName="SHFolder.dll") returned 0x0 [0234.674] LoadLibraryA (lpLibFileName="SHFolder.dll") returned 0x70090000 [0234.684] GetModuleHandleA (lpModuleName="shlwapi.dll") returned 0x0 [0234.684] LoadLibraryA (lpLibFileName="shlwapi.dll") returned 0x76bd0000 [0234.725] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0234.725] GetProcAddress (hModule=0x75ce0000, lpProcName="VirtualAlloc") returned 0x75cff320 [0234.725] GetProcAddress (hModule=0x75ce0000, lpProcName="GlobalAddAtomA") returned 0x75cfb470 [0234.725] GetModuleHandleA (lpModuleName="user32.dll") returned 0x769d0000 [0234.725] GetProcAddress (hModule=0x769d0000, lpProcName="LoadStringA") returned 0x769f2260 [0234.725] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0234.725] GetModuleHandleA (lpModuleName="user32.dll") returned 0x769d0000 [0234.726] GetModuleHandleA (lpModuleName="advapi32.dll") returned 0x75ff0000 [0234.726] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76ca0000 [0234.726] GetModuleHandleA (lpModuleName="version.dll") returned 0x752b0000 [0234.726] GetModuleHandleA (lpModuleName="gdi32.dll") returned 0x767c0000 [0234.726] GetModuleHandleA (lpModuleName="shell32.dll") returned 0x76090000 [0234.726] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x77290000 [0234.726] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x703e0000 [0234.726] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0234.727] GetModuleHandleA (lpModuleName="SHFolder.dll") returned 0x70090000 [0234.727] GetModuleHandleA (lpModuleName="shlwapi.dll") returned 0x76bd0000 [0234.752] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x916760 [0234.781] GetKeyboardType (nTypeFlag=0) returned 4 [0234.808] GetCommandLineA () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0234.808] GetStartupInfoA (in: lpStartupInfo=0x73fe74 | out: lpStartupInfo=0x73fe74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0234.808] GetVersion () returned 0x23f00206 [0234.808] GetVersion () returned 0x23f00206 [0234.808] GetCurrentThreadId () returned 0xfe0 [0234.836] GetModuleFileNameA (in: hModule=0x44000, lpFilename=0x73f970, nSize=0x105 | out: lpFilename="Èûs" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\èûs")) returned 0x0 [0234.836] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x73f84b, nSize=0x105 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0234.836] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0235.615] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0235.615] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0235.616] lstrcpynA (in: lpString1=0x73f84b, lpString2="Èûs", iMaxLength=261 | out: lpString1="Èûs") returned="Èûs" [0235.616] GetThreadLocale () returned 0x409 [0235.616] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x73f95b, cchData=5 | out: lpLCData="ENU") returned 4 [0235.618] lstrlenA (lpString="Èûs") returned 3 [0235.618] LoadStringA (in: hInstance=0x44000, uID=0xffd6, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid NULL variant operation") returned 0x1e [0235.618] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x921c48 [0235.618] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2300000 [0235.619] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x922c48 [0235.620] VirtualAlloc (lpAddress=0x2300000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x2300000 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd5, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd3, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Variant or safe array is locked") returned 0x1f [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd4, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffef, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Read") returned 0x4 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd2, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffee, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffeb, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Application Error") returned 0x11 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd1, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffd0, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Write") returned 0x5 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffe4, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffe5, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Access violation at address %p. %s of address %p") returned 0x30 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffe6, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffe3, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffe1, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xffff, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfffe, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfffd, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfffc, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfffb, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfffa, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfff9, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfff8, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfff7, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfff6, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0235.621] LoadStringA (in: hInstance=0x44000, uID=0xfff5, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0235.622] LoadStringA (in: hInstance=0x44000, uID=0xfff4, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="I/O error %d") returned 0xc [0235.622] LoadStringA (in: hInstance=0x44000, uID=0xfff3, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0235.622] LoadStringA (in: hInstance=0x44000, uID=0xfff2, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid argument to date encode") returned 0x1f [0236.276] LoadStringA (in: hInstance=0x44000, uID=0xfff0, lpBuffer=0x73fa80, cchBufferMax=1024 | out: lpBuffer="'%s' is not a valid integer value") returned 0x21 [0236.276] LoadStringA (in: hInstance=0x44000, uID=0xffe0, lpBuffer=0x73fa80, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0236.276] GetVersionExA (in: lpVersionInformation=0x73fe18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x77d852fe, dwMinorVersion=0x73fec4, dwBuildNumber=0x77db9420, dwPlatformId=0xbfa995ac, szCSDVersion="þÿÿÿhþs") | out: lpVersionInformation=0x73fe18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0236.276] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0236.277] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDiskFreeSpaceExA") returned 0x75d03220 [0236.277] GetThreadLocale () returned 0x409 [0236.277] GetThreadLocale () returned 0x409 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jan") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="January") returned 8 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Feb") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="February") returned 9 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Mar") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="March") returned 6 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Apr") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="April") returned 6 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="May") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="May") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jun") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="June") returned 5 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jul") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="July") returned 5 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Aug") returned 4 [0236.277] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="August") returned 7 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sep") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="September") returned 10 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Oct") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="October") returned 8 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Nov") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="November") returned 9 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Dec") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="December") returned 9 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sun") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sunday") returned 7 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Mon") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Monday") returned 7 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Tue") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Tuesday") returned 8 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Wed") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Wednesday") returned 10 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Thu") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Thursday") returned 9 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Fri") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Friday") returned 7 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sat") returned 4 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Saturday") returned 9 [0236.278] GetThreadLocale () returned 0x409 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="$") returned 2 [0236.278] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x73fe44, cchData=2 | out: lpLCData=",") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x73fe44, cchData=2 | out: lpLCData=".") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="2") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x73fe44, cchData=2 | out: lpLCData="/") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0236.433] GetThreadLocale () returned 0x409 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x73fd18, cchData=256 | out: lpLCData="1") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0236.433] GetThreadLocale () returned 0x409 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x73fd18, cchData=256 | out: lpLCData="1") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x73fe44, cchData=2 | out: lpLCData=":") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="AM") returned 3 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="PM") returned 3 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0236.433] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x73fe44, cchData=2 | out: lpLCData=",") returned 2 [0236.433] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x2490000 [0236.435] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24904b0 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24a04b8 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24b04c0 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24c04c8 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24d04d0 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24e04d8 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x24f04e0 [0236.436] RtlAllocateHeap (HeapHandle=0x2490000, Flags=0x0, Size=0x10000) returned 0x25004e8 [0239.498] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x919950 [0239.498] GetKeyboardType (nTypeFlag=0) returned 4 [0239.659] GetCommandLineA () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0239.660] GetStartupInfoA (in: lpStartupInfo=0x73fe74 | out: lpStartupInfo=0x73fe74*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0239.660] GetVersion () returned 0x23f00206 [0239.660] GetVersion () returned 0x23f00206 [0239.660] GetCurrentThreadId () returned 0xfe0 [0240.818] GetModuleFileNameA (in: hModule=0x20000, lpFilename=0x73f970, nSize=0x105 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0240.818] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x73f84b, nSize=0x105 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0240.818] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0240.819] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="Software\\Borland\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0240.819] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Borland\\Delphi\\Locales", ulOptions=0x0, samDesired=0xf0019, phkResult=0x73f960 | out: phkResult=0x73f960*=0x0) returned 0x2 [0240.819] lstrcpynA (in: lpString1=0x73f84b, lpString2="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", iMaxLength=261 | out: lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" [0240.819] GetThreadLocale () returned 0x409 [0240.819] GetLocaleInfoA (in: Locale=0x409, LCType=0x3, lpLCData=0x73f95b, cchData=5 | out: lpLCData="ENU") returned 4 [0240.819] lstrlenA (lpString="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 53 [0240.819] lstrcpynA (in: lpString1=0x73f87d, lpString2="ENU", iMaxLength=211 | out: lpString1="ENU") returned="ENU" [0240.819] LoadLibraryExA (lpLibFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.ENU", hFile=0x0, dwFlags=0x2) returned 0x0 [0240.820] lstrcpynA (in: lpString1=0x73f87d, lpString2="EN", iMaxLength=211 | out: lpString1="EN") returned="EN" [0240.820] LoadLibraryExA (lpLibFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.EN", hFile=0x0, dwFlags=0x2) returned 0x0 [0240.820] LoadStringA (in: hInstance=0x44000, uID=0xffc2, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Exception in safecall method") returned 0x1c [0241.463] LocalAlloc (uFlags=0x0, uBytes=0xff8) returned 0x923298 [0241.463] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x1) returned 0x2520000 [0241.463] LocalAlloc (uFlags=0x0, uBytes=0x644) returned 0x924298 [0241.463] VirtualAlloc (lpAddress=0x2520000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x40) returned 0x2520000 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffc1, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Interface not supported") returned 0x17 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffc0, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Assertion failed") returned 0x10 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffd2, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Variant or safe array index out of bounds") returned 0x29 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffdb, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid argument") returned 0x10 [0241.464] LoadStringA (in: hInstance=0x44000, uID=0xffd1, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Error creating variant or safe array") returned 0x24 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffee, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Variant method calls not supported") returned 0x22 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffd5, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid variant operation") returned 0x19 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffd4, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid variant type conversion") returned 0x1f [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe7, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Stack overflow") returned 0xe [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe8, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Control-C hit") returned 0xd [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe9, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Privileged instruction") returned 0x16 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe6, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Access violation") returned 0x10 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe4, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid class typecast") returned 0x16 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe2, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Floating point underflow") returned 0x18 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe1, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Floating point overflow") returned 0x17 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffe0, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Floating point division by zero") returned 0x1f [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xffff, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid floating point operation") returned 0x20 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfffe, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Integer overflow") returned 0x10 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfffd, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Range check error") returned 0x11 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfffc, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Division by zero") returned 0x10 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfffb, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid numeric input") returned 0x15 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfffa, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Disk full") returned 0x9 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfff9, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Read beyond end of file") returned 0x17 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfff8, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="File access denied") returned 0x12 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfff7, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Too many open files") returned 0x13 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfff6, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="Invalid filename") returned 0x10 [0241.465] LoadStringA (in: hInstance=0x44000, uID=0xfff5, lpBuffer=0x73fa94, cchBufferMax=1024 | out: lpBuffer="File not found") returned 0xe [0241.597] LoadStringA (in: hInstance=0x44000, uID=0xfff3, lpBuffer=0x73fa80, cchBufferMax=1024 | out: lpBuffer="Out of memory") returned 0xd [0241.597] LoadStringA (in: hInstance=0x44000, uID=0xffe3, lpBuffer=0x73fa80, cchBufferMax=1024 | out: lpBuffer="Invalid pointer operation") returned 0x19 [0241.597] GetVersionExA (in: lpVersionInformation=0x73fe18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x7, dwMinorVersion=0x0, dwBuildNumber=0x2, dwPlatformId=0x900000, szCSDVersion="8") | out: lpVersionInformation=0x73fe18*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0242.382] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0242.383] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDiskFreeSpaceExA") returned 0x75d03220 [0242.383] GetThreadLocale () returned 0x409 [0242.567] GetThreadLocale () returned 0x409 [0242.567] GetLocaleInfoA (in: Locale=0x409, LCType=0x44, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jan") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x38, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="January") returned 8 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x45, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Feb") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x39, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="February") returned 9 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x46, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Mar") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="March") returned 6 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x47, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Apr") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="April") returned 6 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x48, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="May") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="May") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x49, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jun") returned 4 [0244.130] GetLocaleInfoA (in: Locale=0x409, LCType=0x3d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="June") returned 5 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Jul") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x3e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="July") returned 5 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Aug") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x3f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="August") returned 7 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sep") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x40, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="September") returned 10 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Oct") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x41, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="October") returned 8 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Nov") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x42, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="November") returned 9 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x4f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Dec") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x43, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="December") returned 9 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x37, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sun") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x30, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sunday") returned 7 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x31, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Mon") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2a, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Monday") returned 7 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x32, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Tue") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2b, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Tuesday") returned 8 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x33, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Wed") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2c, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Wednesday") returned 10 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x34, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Thu") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2d, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Thursday") returned 9 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x35, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Fri") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2e, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Friday") returned 7 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x36, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Sat") returned 4 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x2f, lpLCData=0x73fcf0, cchData=256 | out: lpLCData="Saturday") returned 9 [0244.131] GetThreadLocale () returned 0x409 [0244.131] GetLocaleInfoA (in: Locale=0x409, LCType=0x14, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="$") returned 2 [0244.132] GetLocaleInfoA (in: Locale=0x409, LCType=0x1b, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1c, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0xf, lpLCData=0x73fe44, cchData=2 | out: lpLCData=",") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0xe, lpLCData=0x73fe44, cchData=2 | out: lpLCData=".") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x19, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="2") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1d, lpLCData=0x73fe44, cchData=2 | out: lpLCData="/") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1f, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="M/d/yyyy") returned 9 [0244.231] GetThreadLocale () returned 0x409 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x73fd18, cchData=256 | out: lpLCData="1") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x20, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="dddd, MMMM d, yyyy") returned 19 [0244.231] GetThreadLocale () returned 0x409 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1009, lpLCData=0x73fd18, cchData=256 | out: lpLCData="1") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1e, lpLCData=0x73fe44, cchData=2 | out: lpLCData=":") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x28, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="AM") returned 3 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x29, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="PM") returned 3 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x25, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x23, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0x1005, lpLCData=0x73fd4c, cchData=256 | out: lpLCData="0") returned 2 [0244.231] GetLocaleInfoA (in: Locale=0x409, LCType=0xc, lpLCData=0x73fe44, cchData=2 | out: lpLCData=",") returned 2 [0244.558] GetModuleHandleA (lpModuleName="oleaut32.dll") returned 0x76ca0000 [0244.558] GetProcAddress (hModule=0x76ca0000, lpProcName="VariantChangeTypeEx") returned 0x76cbd780 [0244.559] GetProcAddress (hModule=0x76ca0000, lpProcName="VarNeg") returned 0x76d06e10 [0244.739] GetProcAddress (hModule=0x76ca0000, lpProcName="VarNot") returned 0x76d080b0 [0244.739] GetProcAddress (hModule=0x76ca0000, lpProcName="VarAdd") returned 0x76cde420 [0244.739] GetProcAddress (hModule=0x76ca0000, lpProcName="VarSub") returned 0x76cdf5b0 [0244.739] GetProcAddress (hModule=0x76ca0000, lpProcName="VarMul") returned 0x76cdece0 [0244.740] GetProcAddress (hModule=0x76ca0000, lpProcName="VarDiv") returned 0x76d07350 [0244.740] GetProcAddress (hModule=0x76ca0000, lpProcName="VarIdiv") returned 0x76d07cf0 [0244.740] GetProcAddress (hModule=0x76ca0000, lpProcName="VarMod") returned 0x76d07f50 [0244.740] GetProcAddress (hModule=0x76ca0000, lpProcName="VarAnd") returned 0x76cd0a60 [0244.741] GetProcAddress (hModule=0x76ca0000, lpProcName="VarOr") returned 0x76d08160 [0244.741] GetProcAddress (hModule=0x76ca0000, lpProcName="VarXor") returned 0x76d08300 [0244.741] GetProcAddress (hModule=0x76ca0000, lpProcName="VarCmp") returned 0x76cb4ae0 [0244.741] GetProcAddress (hModule=0x76ca0000, lpProcName="VarI4FromStr") returned 0x76cbac00 [0244.742] GetProcAddress (hModule=0x76ca0000, lpProcName="VarR4FromStr") returned 0x76cd0670 [0244.742] GetProcAddress (hModule=0x76ca0000, lpProcName="VarR8FromStr") returned 0x76cb74c0 [0244.742] GetProcAddress (hModule=0x76ca0000, lpProcName="VarDateFromStr") returned 0x76ccded0 [0244.742] GetProcAddress (hModule=0x76ca0000, lpProcName="VarCyFromStr") returned 0x76d09650 [0244.743] GetProcAddress (hModule=0x76ca0000, lpProcName="VarBoolFromStr") returned 0x76cba9e0 [0244.743] GetProcAddress (hModule=0x76ca0000, lpProcName="VarBstrFromCy") returned 0x76ccd180 [0244.743] GetProcAddress (hModule=0x76ca0000, lpProcName="VarBstrFromDate") returned 0x76ccdcb0 [0244.743] GetProcAddress (hModule=0x76ca0000, lpProcName="VarBstrFromBool") returned 0x76cd0f30 [0245.403] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x77290000 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoCreateInstanceEx") returned 0x779041d0 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoInitializeEx") returned 0x778901c0 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoAddRefServerProcess") returned 0x778ff400 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoReleaseServerProcess") returned 0x778ff340 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoResumeClassObjects") returned 0x778ee020 [0245.404] GetProcAddress (hModule=0x77290000, lpProcName="CoSuspendClassObjects") returned 0x778ff320 [0246.497] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="") returned 0x1c8 [0246.970] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1cc [0246.970] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d0 [0252.580] QueryPerformanceCounter (in: lpPerformanceCount=0x73feb4 | out: lpPerformanceCount=0x73feb4*=2722033306556) returned 1 [0253.196] SysReAllocStringLen (in: pbstr=0x16506c*=0x0, psz="%Local, ApplicationData FOLDER%", len=0x1f | out: pbstr=0x16506c*="%Local, ApplicationData FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165068*=0x0, psz="%AllUsers, ApplicationData FOLDER%", len=0x22 | out: pbstr=0x165068*="%AllUsers, ApplicationData FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165064*=0x0, psz="%Temp FOLDER%", len=0xd | out: pbstr=0x165064*="%Temp FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165060*=0x0, psz="%ApplicationData FOLDER%", len=0x18 | out: pbstr=0x165060*="%ApplicationData FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x16505c*=0x0, psz="%InternetCache FOLDER%", len=0x16 | out: pbstr=0x16505c*="%InternetCache FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165058*=0x0, psz="%Cookies FOLDER%", len=0x10 | out: pbstr=0x165058*="%Cookies FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165054*=0x0, psz="%History FOLDER%", len=0x10 | out: pbstr=0x165054*="%History FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165050*=0x0, psz="%My Pictures FOLDER%", len=0x14 | out: pbstr=0x165050*="%My Pictures FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x16504c*=0x0, psz="%AllUsers, Documents FOLDER%", len=0x1c | out: pbstr=0x16504c*="%AllUsers, Documents FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165048*=0x0, psz="%Program Files, Common FOLDER%", len=0x1e | out: pbstr=0x165048*="%Program Files, Common FOLDER%") returned 1 [0253.198] SysReAllocStringLen (in: pbstr=0x165044*=0x0, psz="%Program Files FOLDER%", len=0x16 | out: pbstr=0x165044*="%Program Files FOLDER%") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x165040*=0x0, psz="%My Documents FOLDER%", len=0x15 | out: pbstr=0x165040*="%My Documents FOLDER%") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x16503c*=0x0, psz="%WINDOWS FOLDER%", len=0x10 | out: pbstr=0x16503c*="%WINDOWS FOLDER%") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x165038*=0x0, psz="%SYSTEM FOLDER%", len=0xf | out: pbstr=0x165038*="%SYSTEM FOLDER%") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x165034*=0x0, psz="%DEFAULT FOLDER%", len=0x10 | out: pbstr=0x165034*="%DEFAULT FOLDER%") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x165020*=0x0, psz="af}l|}pvlv}w", len=0xc | out: pbstr=0x165020*="af}l|}pvlv}w") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164f04*=0x0, psz="af}l|}pvlqvtz}", len=0xe | out: pbstr=0x164f04*="af}l|}pvlqvtz}") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164de8*=0x0, psz="p{vpxlca|gvpgz|}lv}w", len=0x14 | out: pbstr=0x164de8*="p{vpxlca|gvpgz|}lv}w") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164ccc*=0x0, psz="p{vpxlca|gvpgz|}lqvtz}", len=0x16 | out: pbstr=0x164ccc*="p{vpxlca|gvpgz|}lqvtz}") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164bb0*=0x0, psz="e~lv}w\x02", len=0x7 | out: pbstr=0x164bb0*="e~lv}w\x02") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164a94*=0x0, psz="e~lqvtz}\x02", len=0x9 | out: pbstr=0x164a94*="e~lqvtz}\x02") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164978*=0x0, psz="e~lv}w", len=0x6 | out: pbstr=0x164978*="e~lv}w") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x16485c*=0x0, psz="e~lqvtz}", len=0x8 | out: pbstr=0x16485c*="e~lqvtz}") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164740*=0x0, psz="f}ca|gvpgvwlv}w", len=0xf | out: pbstr=0x164740*="f}ca|gvpgvwlv}w") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164624*=0x0, psz="f}ca|gvpgvwlqvtz}", len=0x11 | out: pbstr=0x164624*="f}ca|gvpgvwlqvtz}") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x164508*=0x0, psz="f}avtlpajcglv}w\x02\x05", len=0x11 | out: pbstr=0x164508*="f}avtlpajcglv}w\x02\x05") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x1643ec*=0x0, psz="f}avtlpajcglqvtz}\x02\x05", len=0x13 | out: pbstr=0x1643ec*="f}avtlpajcglqvtz}\x02\x05") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x1642d0*=0x0, psz="f}avtlpajcglv}w\x02\x06", len=0x11 | out: pbstr=0x1642d0*="f}avtlpajcglv}w\x02\x06") returned 1 [0253.199] SysReAllocStringLen (in: pbstr=0x1641b4*=0x0, psz="f}avtlpajcglqvtz}\x02\x06", len=0x13 | out: pbstr=0x1641b4*="f}avtlpajcglqvtz}\x02\x06") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x164098*=0x0, psz="f}avtlpajcglv}w\x02\x07", len=0x11 | out: pbstr=0x164098*="f}avtlpajcglv}w\x02\x07") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163f7c*=0x0, psz="f}avtlpajcglqvtz}\x02\x07", len=0x13 | out: pbstr=0x163f7c*="f}avtlpajcglqvtz}\x02\x07") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163e60*=0x0, psz="f}avtlpajcglv}w\x02", len=0x11 | out: pbstr=0x163e60*="f}avtlpajcglv}w\x02") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163d44*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x13 | out: pbstr=0x163d44*="f}avtlpajcglqvtz}\x02") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163c28*=0x0, psz="f}avtlpajcglv}w\x02\x01", len=0x11 | out: pbstr=0x163c28*="f}avtlpajcglv}w\x02\x01") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163b0c*=0x0, psz="f}avtlpajcglqvtz}\x02\x01", len=0x13 | out: pbstr=0x163b0c*="f}avtlpajcglqvtz}\x02\x01") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x1639f0*=0x0, psz="f}avtlpajcglv}w\x02\x02", len=0x11 | out: pbstr=0x1639f0*="f}avtlpajcglv}w\x02\x02") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x1638d4*=0x0, psz="f}avtlpajcglqvtz}\x02\x02", len=0x13 | out: pbstr=0x1638d4*="f}avtlpajcglqvtz}\x02\x02") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x1637b8*=0x0, psz="f}avtlpajcglv}w\x02\x03", len=0x11 | out: pbstr=0x1637b8*="f}avtlpajcglv}w\x02\x03") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x16369c*=0x0, psz="f}avtlpajcglqvtz}\x02\x03", len=0x13 | out: pbstr=0x16369c*="f}avtlpajcglqvtz}\x02\x03") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163580*=0x0, psz="f}avtlpajcglv}w\n", len=0x10 | out: pbstr=0x163580*="f}avtlpajcglv}w\n") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163464*=0x0, psz="f}avtlpajcglqvtz}\n", len=0x12 | out: pbstr=0x163464*="f}avtlpajcglqvtz}\n") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163348*=0x0, psz="f}avtlpajcglv}w\x0b", len=0x10 | out: pbstr=0x163348*="f}avtlpajcglv}w\x0b") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x16322c*=0x0, psz="f}avtlpajcglqvtz}\x0b", len=0x12 | out: pbstr=0x16322c*="f}avtlpajcglqvtz}\x0b") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x163110*=0x0, psz="f}avtlpajcglv}w\x04", len=0x10 | out: pbstr=0x163110*="f}avtlpajcglv}w\x04") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162ff4*=0x0, psz="f}avtlpajcglqvtz}\x04", len=0x12 | out: pbstr=0x162ff4*="f}avtlpajcglqvtz}\x04") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162ed8*=0x0, psz="f}avtlpajcglv}w\x05", len=0x10 | out: pbstr=0x162ed8*="f}avtlpajcglv}w\x05") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162dbc*=0x0, psz="f}avtlpajcglqvtz}\x05", len=0x12 | out: pbstr=0x162dbc*="f}avtlpajcglqvtz}\x05") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162ca0*=0x0, psz="f}avtlpajcglv}w\x06", len=0x10 | out: pbstr=0x162ca0*="f}avtlpajcglv}w\x06") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162b84*=0x0, psz="f}avtlpajcglqvtz}\x06", len=0x12 | out: pbstr=0x162b84*="f}avtlpajcglqvtz}\x06") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162a68*=0x0, psz="f}avtlpajcglv}w\x07", len=0x10 | out: pbstr=0x162a68*="f}avtlpajcglv}w\x07") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x16294c*=0x0, psz="f}avtlpajcglqvtz}\x07", len=0x12 | out: pbstr=0x16294c*="f}avtlpajcglqvtz}\x07") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162830*=0x0, psz="f}avtlpajcglv}w", len=0x10 | out: pbstr=0x162830*="f}avtlpajcglv}w") returned 1 [0253.200] SysReAllocStringLen (in: pbstr=0x162714*=0x0, psz="f}avtlpajcglqvtz}", len=0x12 | out: pbstr=0x162714*="f}avtlpajcglqvtz}") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1625f8*=0x0, psz="f}avtlpajcglv}w\x01", len=0x10 | out: pbstr=0x1625f8*="f}avtlpajcglv}w\x01") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1624dc*=0x0, psz="f}avtlpajcglqvtz}\x01", len=0x12 | out: pbstr=0x1624dc*="f}avtlpajcglqvtz}\x01") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1623c0*=0x0, psz="f}avtlpajcglv}w\x02", len=0x10 | out: pbstr=0x1623c0*="f}avtlpajcglv}w\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1622a4*=0x0, psz="f}avtlpajcglqvtz}\x02", len=0x12 | out: pbstr=0x1622a4*="f}avtlpajcglqvtz}\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x162188*=0x0, psz="wvpajcgl|}lvkvpfgvlv}w", len=0x16 | out: pbstr=0x162188*="wvpajcgl|}lvkvpfgvlv}w") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x16206c*=0x0, psz="wvpajcgl|}lvkvpfgvlqvtz}", len=0x18 | out: pbstr=0x16206c*="wvpajcgl|}lvkvpfgvlqvtz}") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161f50*=0x0, psz="avtlpajcglv}w\x02\x05", len=0xf | out: pbstr=0x161f50*="avtlpajcglv}w\x02\x05") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161e34*=0x0, psz="avtlpajcglqvtz}\x02\x05", len=0x11 | out: pbstr=0x161e34*="avtlpajcglqvtz}\x02\x05") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161d18*=0x0, psz="avtlpajcglv}w\x02\x06", len=0xf | out: pbstr=0x161d18*="avtlpajcglv}w\x02\x06") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161bfc*=0x0, psz="avtlpajcglqvtz}\x02\x06", len=0x11 | out: pbstr=0x161bfc*="avtlpajcglqvtz}\x02\x06") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161ae0*=0x0, psz="avtlpajcglv}w\x02\x07", len=0xf | out: pbstr=0x161ae0*="avtlpajcglv}w\x02\x07") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1619c4*=0x0, psz="avtlpajcglqvtz}\x02\x07", len=0x11 | out: pbstr=0x1619c4*="avtlpajcglqvtz}\x02\x07") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1618a8*=0x0, psz="avtlpajcglv}w\x02", len=0xf | out: pbstr=0x1618a8*="avtlpajcglv}w\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x16178c*=0x0, psz="avtlpajcglqvtz}\x02", len=0x11 | out: pbstr=0x16178c*="avtlpajcglqvtz}\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161670*=0x0, psz="avtlpajcglv}w\x02\x01", len=0xf | out: pbstr=0x161670*="avtlpajcglv}w\x02\x01") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161554*=0x0, psz="avtlpajcglqvtz}\x02\x01", len=0x11 | out: pbstr=0x161554*="avtlpajcglqvtz}\x02\x01") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161438*=0x0, psz="avtlpajcglv}w\x02\x02", len=0xf | out: pbstr=0x161438*="avtlpajcglv}w\x02\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x16131c*=0x0, psz="avtlpajcglqvtz}\x02\x02", len=0x11 | out: pbstr=0x16131c*="avtlpajcglqvtz}\x02\x02") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x161200*=0x0, psz="avtlpajcglv}w\x02\x03", len=0xf | out: pbstr=0x161200*="avtlpajcglv}w\x02\x03") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x1610e4*=0x0, psz="avtlpajcglqvtz}\x02\x03", len=0x11 | out: pbstr=0x1610e4*="avtlpajcglqvtz}\x02\x03") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x160fc8*=0x0, psz="avtlpajcglv}w\n", len=0xe | out: pbstr=0x160fc8*="avtlpajcglv}w\n") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x160eac*=0x0, psz="avtlpajcglqvtz}\n", len=0x10 | out: pbstr=0x160eac*="avtlpajcglqvtz}\n") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x160d90*=0x0, psz="avtlpajcglv}w\x0b", len=0xe | out: pbstr=0x160d90*="avtlpajcglv}w\x0b") returned 1 [0253.201] SysReAllocStringLen (in: pbstr=0x160c74*=0x0, psz="avtlpajcglqvtz}\x0b", len=0x10 | out: pbstr=0x160c74*="avtlpajcglqvtz}\x0b") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160b58*=0x0, psz="avtlpajcglv}w\x04", len=0xe | out: pbstr=0x160b58*="avtlpajcglv}w\x04") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160a3c*=0x0, psz="avtlpajcglqvtz}\x04", len=0x10 | out: pbstr=0x160a3c*="avtlpajcglqvtz}\x04") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160920*=0x0, psz="avtlpajcglv}w\x05", len=0xe | out: pbstr=0x160920*="avtlpajcglv}w\x05") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160804*=0x0, psz="avtlpajcglqvtz}\x05", len=0x10 | out: pbstr=0x160804*="avtlpajcglqvtz}\x05") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x1606e8*=0x0, psz="avtlpajcglv}w\x06", len=0xe | out: pbstr=0x1606e8*="avtlpajcglv}w\x06") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x1605cc*=0x0, psz="avtlpajcglqvtz}\x06", len=0x10 | out: pbstr=0x1605cc*="avtlpajcglqvtz}\x06") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x1604b0*=0x0, psz="avtlpajcglv}w\x07", len=0xe | out: pbstr=0x1604b0*="avtlpajcglv}w\x07") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160394*=0x0, psz="avtlpajcglqvtz}\x07", len=0x10 | out: pbstr=0x160394*="avtlpajcglqvtz}\x07") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160278*=0x0, psz="avtlpajcglv}w", len=0xe | out: pbstr=0x160278*="avtlpajcglv}w") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x16015c*=0x0, psz="avtlpajcglqvtz}", len=0x10 | out: pbstr=0x16015c*="avtlpajcglqvtz}") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x160040*=0x0, psz="avtlpajcglv}w\x01", len=0xe | out: pbstr=0x160040*="avtlpajcglv}w\x01") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x15ff24*=0x0, psz="avtlpajcglqvtz}\x01", len=0x10 | out: pbstr=0x15ff24*="avtlpajcglqvtz}\x01") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x15fe08*=0x0, psz="avtlpajcglv}w\x02", len=0xe | out: pbstr=0x15fe08*="avtlpajcglv}w\x02") returned 1 [0253.202] SysReAllocStringLen (in: pbstr=0x15fcec*=0x0, psz="avtlpajcglqvtz}\x02", len=0x10 | out: pbstr=0x15fcec*="avtlpajcglqvtz}\x02") returned 1 [0253.366] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.540] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x7d0000 [0253.541] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0253.541] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcAddress") returned 0x75cff4b0 [0253.541] GetProcAddress (hModule=0x77d40000, lpProcName="ZwClose") returned 0x77db1180 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetInformationFile") returned 0x77db1320 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryInformationFile") returned 0x77db11a0 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwReadFile") returned 0x77db10f0 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateFile") returned 0x77db1600 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenFile") returned 0x77db13e0 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryAttributesFile") returned 0x77db1480 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateSection") returned 0x77db1550 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwMapViewOfSection") returned 0x77db1330 [0253.542] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQuerySection") returned 0x77db15c0 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnmapViewOfSection") returned 0x77db1350 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77db2510 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwWriteFile") returned 0x77db1110 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryObject") returned 0x77db1190 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryDirectoryFile") returned 0x77db1400 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenSection") returned 0x77db1420 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDuplicateObject") returned 0x77db1470 [0253.543] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77db1540 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteFile") returned 0x77db1dd0 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLockFile") returned 0x77db2150 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnlockFile") returned 0x77db2d50 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwTerminateProcess") returned 0x77db1370 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenKey") returned 0x77db11b0 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwEnumerateValueKey") returned 0x77db11c0 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryKey") returned 0x77db11f0 [0253.544] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryValueKey") returned 0x77db1200 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateKey") returned 0x77db1280 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwEnumerateKey") returned 0x77db13d0 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetValueKey") returned 0x77db16b0 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteKey") returned 0x77db1de0 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteValueKey") returned 0x77db1e10 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFlushKey") returned 0x77db1f40 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLoadKey") returned 0x77db2120 [0253.545] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLoadKey2") returned 0x77db2130 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwNotifyChangeKey") returned 0x77db2240 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77db25f0 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwReplaceKey") returned 0x77db27f0 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwRestoreKey") returned 0x77db2850 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSaveKey") returned 0x77db28d0 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetInformationKey") returned 0x77db2a30 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnloadKey") returned 0x77db2d20 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwAccessCheck") returned 0x77db1090 [0253.546] GetProcAddress (hModule=0x77d40000, lpProcName="ZwExtendSection") returned 0x77db1ed0 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFlushBuffersFile") returned 0x77db1560 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFsControlFile") returned 0x77db1440 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77db2220 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQuerySecurityObject") returned 0x77db2660 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetSecurityObject") returned 0x77db2b20 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77db2bd0 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenKeyEx") returned 0x77db22b0 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateProcess") returned 0x77db1c40 [0253.547] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateProcessEx") returned 0x77db1580 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateUserProcess") returned 0x77db1d30 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwResumeThread") returned 0x77db15d0 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateThread") returned 0x77db1590 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryInformationProcess") returned 0x77db1220 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryVirtualMemory") returned 0x77db12e0 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeviceIoControlFile") returned 0x77db1100 [0253.548] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x77db2d70 [0253.548] VirtualFree (lpAddress=0x7d0000, dwSize=0x1000, dwFreeType=0x4000) returned 1 [0253.549] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.549] GetProcAddress (hModule=0x77d40000, lpProcName="ZwProtectVirtualMemory") returned 0x77db15b0 [0253.549] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.550] GetProcAddress (hModule=0x77d40000, lpProcName="ZwClose") returned 0x77db1180 [0253.550] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.550] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryInformationFile") returned 0x77db11a0 [0253.550] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.550] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetInformationFile") returned 0x77db1320 [0253.550] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.550] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateFile") returned 0x77db1600 [0253.550] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0253.551] GetProcAddress (hModule=0x77d40000, lpProcName="ZwWriteFile") returned 0x77db1110 [0253.709] QueryPerformanceCounter (in: lpPerformanceCount=0x73feb4 | out: lpPerformanceCount=0x73feb4*=2722146208800) returned 1 [0253.709] VirtualAlloc (lpAddress=0x0, dwSize=0x4, flAllocationType=0x1000, flProtect=0x1) returned 0x8c0000 [0253.709] SysReAllocStringLen (in: pbstr=0x1658d8*=0x0, psz="enigma_ide.dll", len=0xe | out: pbstr=0x1658d8*="enigma_ide.dll") returned 1 [0254.162] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0254.179] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0254.179] GetStockObject (i=7) returned 0xb00017 [0254.179] GetStockObject (i=5) returned 0x900015 [0254.179] GetStockObject (i=13) returned 0x58a00b4 [0254.179] LoadIconA (hInstance=0x0, lpIconName=0x7f00) returned 0x1002b [0254.180] MulDiv (nNumber=8, nNumerator=96, nDenominator=72) returned 11 [0254.309] GetModuleHandleA (lpModuleName="USER32.DLL") returned 0x769d0000 [0254.508] LoadStringA (in: hInstance=0x44000, uID=0xff28, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Alt+") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff27, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Ctrl+") returned 0x5 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff26, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Shift+") returned 0x6 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff25, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Del") returned 0x3 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff24, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Ins") returned 0x3 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff23, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Down") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff22, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Right") returned 0x5 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff21, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Up") returned 0x2 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff20, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Left") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3f, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Home") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3e, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="End") returned 0x3 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3d, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="PgDn") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3c, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="PgUp") returned 0x4 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3b, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Space") returned 0x5 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff3a, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Enter") returned 0x5 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff39, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Esc") returned 0x3 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff38, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Tab") returned 0x3 [0254.509] LoadStringA (in: hInstance=0x44000, uID=0xff37, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="BkSp") returned 0x4 [0255.116] RegisterClipboardFormatA (lpszFormat="commdlg_help") returned 0xc15d [0255.116] RegisterClipboardFormatA (lpszFormat="commdlg_FindReplace") returned 0xc205 [0255.116] GetCurrentThreadId () returned 0xfe0 [0255.496] GlobalAddAtomA (lpString="EnigmaWndProcPtr0002000000000FE0") returned 0xc176 [0255.513] LoadStringA (in: hInstance=0x44000, uID=0xfee3, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Window Text") returned 0xb [0255.513] LoadStringA (in: hInstance=0x44000, uID=0xfee2, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Window Frame") returned 0xc [0255.513] LoadStringA (in: hInstance=0x44000, uID=0xfee1, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Window Background") returned 0x11 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfee0, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="3D Light") returned 0x8 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfeff, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="3D Dark Shadow") returned 0xe [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfefe, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Scroll Bar") returned 0xa [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfefd, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="None") returned 0x4 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfefc, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Menu Text") returned 0x9 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfefb, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Menu Background") returned 0xf [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfefa, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Info Text") returned 0x9 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef9, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Info Background") returned 0xf [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef8, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption Text") returned 0x15 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef7, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Inactive Caption") returned 0x10 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef6, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Inactive Border") returned 0xf [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef5, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Highlight Text") returned 0xe [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef4, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Highlight Background") returned 0x14 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef3, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Gray Text") returned 0x9 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef2, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Default") returned 0x7 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef1, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Caption Text") returned 0xc [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xfef0, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Button Text") returned 0xb [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0f, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Button Shadow") returned 0xd [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0e, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Button Highlight") returned 0x10 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0d, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Button Face") returned 0xb [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0c, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Background") returned 0xa [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0b, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Application Workspace") returned 0x15 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff0a, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Active Caption") returned 0xe [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff09, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Active Border") returned 0xd [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff08, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Medium Gray") returned 0xb [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff07, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Cream") returned 0x5 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff06, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Sky Blue") returned 0x8 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff05, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Money Green") returned 0xb [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff04, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="White") returned 0x5 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff03, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Aqua") returned 0x4 [0255.514] LoadStringA (in: hInstance=0x44000, uID=0xff02, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Fuchsia") returned 0x7 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff01, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Blue") returned 0x4 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff00, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Yellow") returned 0x6 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1f, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Lime") returned 0x4 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1e, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Red") returned 0x3 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1d, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Silver") returned 0x6 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1c, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Gray") returned 0x4 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1b, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Teal") returned 0x4 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff1a, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Purple") returned 0x6 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff19, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Navy") returned 0x4 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff18, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Olive") returned 0x5 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff17, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Green") returned 0x5 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff16, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Maroon") returned 0x6 [0255.515] LoadStringA (in: hInstance=0x44000, uID=0xff15, lpBuffer=0x73faa4, cchBufferMax=1024 | out: lpBuffer="Black") returned 0x5 [0255.594] RegisterClipboardFormatA (lpszFormat="Delphi Picture") returned 0xc1f4 [0255.594] RegisterClipboardFormatA (lpszFormat="Delphi Component") returned 0xc206 [0255.676] GetModuleHandleA (lpModuleName="comctl32.dll") returned 0x703e0000 [0255.676] GetProcAddress (hModule=0x703e0000, lpProcName="InitializeFlatSB") returned 0x703fac50 [0255.676] GetProcAddress (hModule=0x703e0000, lpProcName="UninitializeFlatSB") returned 0x703fa9f0 [0255.676] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_GetScrollProp") returned 0x703fc760 [0255.676] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_SetScrollProp") returned 0x703fd980 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_EnableScrollBar") returned 0x703fcc70 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_ShowScrollBar") returned 0x703fca30 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_GetScrollRange") returned 0x703fc8c0 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_GetScrollInfo") returned 0x703fc950 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_GetScrollPos") returned 0x703fc700 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_SetScrollPos") returned 0x703fd730 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_SetScrollInfo") returned 0x703fd8b0 [0255.677] GetProcAddress (hModule=0x703e0000, lpProcName="FlatSB_SetScrollRange") returned 0x703fd7c0 [0255.695] GetModuleHandleA (lpModuleName="User32.dll") returned 0x769d0000 [0255.695] GetProcAddress (hModule=0x769d0000, lpProcName="SetLayeredWindowAttributes") returned 0x76a0f010 [0255.695] RegisterClipboardFormatA (lpszFormat="TaskbarCreated") returned 0xc083 [0255.764] GetVersion () returned 0x23f00206 [0255.764] GetCurrentProcessId () returned 0x1428 [0256.046] GlobalAddAtomA (lpString="EnigmaDelphi00001428") returned 0xc175 [0256.046] GetCurrentThreadId () returned 0xfe0 [0256.046] GlobalAddAtomA (lpString="EnigmaControlOfs0002000000000FE0") returned 0xc174 [0256.046] RegisterClipboardFormatA (lpszFormat="ControlOfs0002000000000FE0") returned 0xc207 [0256.046] GetProcAddress (hModule=0x769d0000, lpProcName="GetMonitorInfoA") returned 0x769f16a0 [0256.046] GetProcAddress (hModule=0x769d0000, lpProcName="GetSystemMetrics") returned 0x76a01aa0 [0256.046] GetSystemMetrics (nIndex=19) returned 1 [0256.062] GetSystemMetrics (nIndex=75) returned 1 [0256.062] SystemParametersInfoA (in: uiAction=0x68, uiParam=0x0, pvParam=0x2521870, fWinIni=0x0 | out: pvParam=0x2521870) returned 1 [0256.230] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0256.230] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0256.231] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ff9) returned 0x0 [0256.231] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8b) returned 0x1001b [0256.231] LoadCursorA (hInstance=0x0, lpCursorName=0x7f8a) returned 0x10019 [0256.231] LoadCursorA (hInstance=0x0, lpCursorName=0x7f88) returned 0x10017 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ffa) returned 0x0 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ffb) returned 0x0 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ffc) returned 0x0 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ffd) returned 0x0 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7fff) returned 0x0 [0256.232] LoadCursorA (hInstance=0x20000, lpCursorName=0x7ffe) returned 0x0 [0256.232] LoadCursorA (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0256.232] LoadCursorA (hInstance=0x0, lpCursorName=0x7f04) returned 0x1000b [0256.232] LoadCursorA (hInstance=0x0, lpCursorName=0x7f84) returned 0x10011 [0256.232] LoadCursorA (hInstance=0x0, lpCursorName=0x7f82) returned 0x1000d [0256.232] LoadCursorA (hInstance=0x0, lpCursorName=0x7f85) returned 0x10013 [0256.233] LoadCursorA (hInstance=0x0, lpCursorName=0x7f83) returned 0x1000f [0256.233] LoadCursorA (hInstance=0x0, lpCursorName=0x7f86) returned 0x10015 [0256.233] LoadCursorA (hInstance=0x0, lpCursorName=0x7f01) returned 0x10005 [0256.233] LoadCursorA (hInstance=0x0, lpCursorName=0x7f03) returned 0x10009 [0256.233] LoadCursorA (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0256.233] GetKeyboardLayout (idThread=0x0) returned 0x4090409 [0256.233] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0256.233] GetProcAddress (hModule=0x769d0000, lpProcName="EnumDisplayMonitors") returned 0x76a0e260 [0256.234] EnumDisplayMonitors (hdc=0x0, lprcClip=0x0, lpfnEnum=0xc6228, dwData=0x2521abc) returned 1 [0256.514] SystemParametersInfoA (in: uiAction=0x1f, uiParam=0x3c, pvParam=0x73fe0f, fWinIni=0x0 | out: pvParam=0x73fe0f) returned 1 [0256.515] CreateFontIndirectA (lplf=0x73fe0f) returned 0x820a08c8 [0256.516] GetObjectA (in: h=0x820a08c8, c=60, pv=0x73fc00 | out: pv=0x73fc00) returned 60 [0256.516] SystemParametersInfoA (in: uiAction=0x29, uiParam=0x0, pvParam=0x73fcbb, fWinIni=0x0 | out: pvParam=0x73fcbb) returned 1 [0256.522] CreateFontIndirectA (lplf=0x73fd97) returned 0x550a08c3 [0256.522] GetObjectA (in: h=0x550a08c3, c=60, pv=0x73fc00 | out: pv=0x73fc00) returned 60 [0256.522] CreateFontIndirectA (lplf=0x73fd5b) returned 0x9a0a08e9 [0256.522] GetObjectA (in: h=0x9a0a08e9, c=60, pv=0x73fc00 | out: pv=0x73fc00) returned 60 [0256.539] LoadIconA (hInstance=0x0, lpIconName="MAINICON") returned 0x0 [0256.540] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x73fd6f, nSize=0x100 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0256.541] OemToCharA (in: pSrc="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", pDst=0x73fd6f | out: pDst="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0256.979] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x22a0000 [0256.980] GetKeyboardLayoutList (in: nBuff=64, lpList=0x73fcf0 | out: lpList=0x73fcf0) returned 1 [0257.194] GetModuleHandleA (lpModuleName="USER32") returned 0x769d0000 [0257.194] GetProcAddress (hModule=0x769d0000, lpProcName="AnimateWindow") returned 0x769f2d60 [0257.292] SysReAllocStringLen (in: pbstr=0x1663dc*=0x0, psz="Help", len=0x4 | out: pbstr=0x1663dc*="Help") returned 1 [0257.292] SysReAllocStringLen (in: pbstr=0x1663d8*=0x0, psz="YesToAll", len=0x8 | out: pbstr=0x1663d8*="YesToAll") returned 1 [0257.292] SysReAllocStringLen (in: pbstr=0x1663d4*=0x0, psz="NoToAll", len=0x7 | out: pbstr=0x1663d4*="NoToAll") returned 1 [0257.292] SysReAllocStringLen (in: pbstr=0x1663d0*=0x0, psz="All", len=0x3 | out: pbstr=0x1663d0*="All") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663cc*=0x0, psz="Ignore", len=0x6 | out: pbstr=0x1663cc*="Ignore") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663c8*=0x0, psz="Retry", len=0x5 | out: pbstr=0x1663c8*="Retry") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663c4*=0x0, psz="Abort", len=0x5 | out: pbstr=0x1663c4*="Abort") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663c0*=0x0, psz="Cancel", len=0x6 | out: pbstr=0x1663c0*="Cancel") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663bc*=0x0, psz="OK", len=0x2 | out: pbstr=0x1663bc*="OK") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663b8*=0x0, psz="No", len=0x2 | out: pbstr=0x1663b8*="No") returned 1 [0257.293] SysReAllocStringLen (in: pbstr=0x1663b4*=0x0, psz="Yes", len=0x3 | out: pbstr=0x1663b4*="Yes") returned 1 [0257.449] GetTickCount () returned 0x19d1748 [0257.449] GetTickCount () returned 0x19d1748 [0257.449] GetCurrentThreadId () returned 0xfe0 [0257.449] SetWindowsHookExW (idHook=3, lpfn=0xef384, hmod=0x0, dwThreadId=0xfe0) returned 0xb0203 [0257.527] RegisterClipboardFormatA (lpszFormat="TntUnicodeVcl.DestroyWindow") returned 0xc208 [0257.527] VirtualQuery (in: lpAddress=0xd6f48, lpBuffer=0x73fe4c, dwLength=0x1c | out: lpBuffer=0x73fe4c*(BaseAddress=0xd6000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1ed000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0257.527] GetCurrentProcessId () returned 0x1428 [0257.527] GetCurrentThreadId () returned 0xfe0 [0257.527] GlobalAddAtomA (lpString="EnigmaDelphi00001428") returned 0xc175 [0257.528] GlobalAddAtomA (lpString="EnigmaControlOfs0002000000000FE0") returned 0xc174 [0257.605] LoadCursorA (hInstance=0x0, lpCursorName=0x7f89) returned 0x1001f [0257.605] DestroyCursor (hCursor=0x0) returned 0 [0257.622] QueryPerformanceCounter (in: lpPerformanceCount=0x73feb4 | out: lpPerformanceCount=0x73feb4*=2722537517593) returned 1 [0257.647] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x1f4 [0257.647] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f8 [0257.872] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.872] GetProcAddress (hModule=0x75ce0000, lpProcName="UnhandledExceptionFilter") returned 0x75d14f30 [0257.872] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.872] GetProcAddress (hModule=0x75ce0000, lpProcName="DebugBreak") returned 0x75d12f90 [0257.873] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.873] GetProcAddress (hModule=0x75ce0000, lpProcName="FatalAppExitA") returned 0x75d13260 [0257.873] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.873] GetProcAddress (hModule=0x75ce0000, lpProcName="RtlRaiseException") returned 0x0 [0257.980] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.980] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandleA") returned 0x75d009c0 [0257.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.981] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandleW") returned 0x75d00db0 [0257.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.981] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileA") returned 0x75d03090 [0257.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.981] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileW") returned 0x75d030a0 [0257.981] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.981] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileMappingA") returned 0x75cf16b0 [0257.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.982] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFileMappingW") returned 0x75d00400 [0257.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.982] GetProcAddress (hModule=0x75ce0000, lpProcName="ReadFile") returned 0x75d03420 [0257.982] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.982] GetProcAddress (hModule=0x75ce0000, lpProcName="CloseHandle") returned 0x75d02e40 [0257.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.983] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileSize") returned 0x75d032c0 [0257.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.983] GetProcAddress (hModule=0x75ce0000, lpProcName="SetFilePointer") returned 0x75d034b0 [0257.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.983] GetProcAddress (hModule=0x75ce0000, lpProcName="MapViewOfFile") returned 0x75cff4f0 [0257.983] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.984] GetProcAddress (hModule=0x75ce0000, lpProcName="MapViewOfFileEx") returned 0x75d010d0 [0257.984] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.984] GetProcAddress (hModule=0x75ce0000, lpProcName="UnmapViewOfFile") returned 0x75d00530 [0257.984] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.984] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryA") returned 0x75d00b30 [0257.984] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.984] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExA") returned 0x75d01580 [0257.985] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.985] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryW") returned 0x75d01620 [0257.985] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.985] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibraryExW") returned 0x75cff300 [0257.985] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.985] GetProcAddress (hModule=0x75ce0000, lpProcName="FreeLibrary") returned 0x75d00a40 [0257.985] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.985] GetProcAddress (hModule=0x75ce0000, lpProcName="FreeResource") returned 0x75d01160 [0257.986] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.986] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVersion") returned 0x75d018d0 [0257.986] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.986] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcessId") returned 0x75d02df0 [0257.986] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.986] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcess") returned 0x75d02de0 [0257.986] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.986] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCommandLineA") returned 0x75d01e40 [0257.987] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.987] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCommandLineW") returned 0x75d01cd0 [0257.987] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.987] GetProcAddress (hModule=0x75ce0000, lpProcName="LockResource") returned 0x75cff2a0 [0257.987] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0257.987] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcAddress") returned 0x75cff4b0 [0258.786] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0258.787] VirtualAlloc (lpAddress=0x0, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x40) returned 0x22b0000 [0258.787] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0258.787] GetProcAddress (hModule=0x75ce0000, lpProcName="GetProcAddress") returned 0x75cff4b0 [0258.790] GetProcAddress (hModule=0x77d40000, lpProcName="ZwClose") returned 0x77db1180 [0258.790] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateFile") returned 0x77db1600 [0258.790] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenFile") returned 0x77db13e0 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateSection") returned 0x77db1550 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwMapViewOfSection") returned 0x77db1330 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnmapViewOfSection") returned 0x77db1350 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnmapViewOfSectionEx") returned 0x77db2d70 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwReadFile") returned 0x77db10f0 [0258.791] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryInformationFile") returned 0x77db11a0 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetInformationFile") returned 0x77db1320 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryAttributesFile") returned 0x77db1480 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQuerySection") returned 0x77db15c0 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryFullAttributesFile") returned 0x77db2510 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwWriteFile") returned 0x77db1110 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeviceIoControlFile") returned 0x77db1100 [0258.792] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryObject") returned 0x77db1190 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryDirectoryFile") returned 0x77db1400 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenSection") returned 0x77db1420 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDuplicateObject") returned 0x77db1470 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteFile") returned 0x77db1dd0 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLockFile") returned 0x77db2150 [0258.793] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnlockFile") returned 0x77db2d50 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwTerminateProcess") returned 0x77db1370 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryVolumeInformationFile") returned 0x77db1540 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetVolumeInformationFile") returned 0x77db2bd0 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwAccessCheck") returned 0x77db1090 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwExtendSection") returned 0x77db1ed0 [0258.794] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFlushBuffersFile") returned 0x77db1560 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFsControlFile") returned 0x77db1440 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwNotifyChangeDirectoryFile") returned 0x77db2220 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQuerySecurityObject") returned 0x77db2660 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetSecurityObject") returned 0x77db2b20 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateProcess") returned 0x77db1c40 [0258.795] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateProcessEx") returned 0x77db1580 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateUserProcess") returned 0x77db1d30 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwResumeThread") returned 0x77db15d0 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateThread") returned 0x77db1590 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryInformationProcess") returned 0x77db1220 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenKey") returned 0x77db11b0 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwOpenKeyEx") returned 0x77db22b0 [0258.796] GetProcAddress (hModule=0x77d40000, lpProcName="ZwEnumerateValueKey") returned 0x77db11c0 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryKey") returned 0x77db11f0 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryValueKey") returned 0x77db1200 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwCreateKey") returned 0x77db1280 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwEnumerateKey") returned 0x77db13d0 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetValueKey") returned 0x77db16b0 [0258.797] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteKey") returned 0x77db1de0 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwDeleteValueKey") returned 0x77db1e10 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwFlushKey") returned 0x77db1f40 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLoadKey") returned 0x77db2120 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwLoadKey2") returned 0x77db2130 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwNotifyChangeKey") returned 0x77db2240 [0258.798] GetProcAddress (hModule=0x77d40000, lpProcName="ZwQueryMultipleValueKey") returned 0x77db25f0 [0258.799] GetProcAddress (hModule=0x77d40000, lpProcName="ZwReplaceKey") returned 0x77db27f0 [0258.799] GetProcAddress (hModule=0x77d40000, lpProcName="ZwRestoreKey") returned 0x77db2850 [0258.799] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSaveKey") returned 0x77db28d0 [0258.799] GetProcAddress (hModule=0x77d40000, lpProcName="ZwSetInformationKey") returned 0x77db2a30 [0258.799] GetProcAddress (hModule=0x77d40000, lpProcName="ZwUnloadKey") returned 0x77db2d20 [0258.799] VirtualFree (lpAddress=0x22b0000, dwSize=0x1000, dwFreeType=0x4000) returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668dc*=0x0, psz="tcpsvcs.exe", len=0xb | out: pbstr=0x1668dc*="tcpsvcs.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668d8*=0x0, psz="ntvdm.exe", len=0x9 | out: pbstr=0x1668d8*="ntvdm.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668d4*=0x0, psz="dllhost.exe", len=0xb | out: pbstr=0x1668d4*="dllhost.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668d0*=0x0, psz="replace.exe", len=0xb | out: pbstr=0x1668d0*="replace.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668cc*=0x0, psz="regsvr32.exe", len=0xc | out: pbstr=0x1668cc*="regsvr32.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668c8*=0x0, psz="winver.exe", len=0xa | out: pbstr=0x1668c8*="winver.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668c4*=0x0, psz="help.exe", len=0x8 | out: pbstr=0x1668c4*="help.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668c0*=0x0, psz="find.exe", len=0x8 | out: pbstr=0x1668c0*="find.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668bc*=0x0, psz="compact.exe", len=0xb | out: pbstr=0x1668bc*="compact.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668b8*=0x0, psz="chkdsk.exe", len=0xa | out: pbstr=0x1668b8*="chkdsk.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668b4*=0x0, psz="attrib.exe", len=0xa | out: pbstr=0x1668b4*="attrib.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668b0*=0x0, psz="write.exe", len=0x9 | out: pbstr=0x1668b0*="write.exe") returned 1 [0258.853] SysReAllocStringLen (in: pbstr=0x1668ac*=0x0, psz="hh.exe", len=0x6 | out: pbstr=0x1668ac*="hh.exe") returned 1 [0258.853] QueryPerformanceCounter (in: lpPerformanceCount=0x73feb4 | out: lpPerformanceCount=0x73feb4*=2722660641655) returned 1 [0258.950] HeapCreate (flOptions=0x0, dwInitialSize=0x88000, dwMaximumSize=0x88000) returned 0x2940000 [0258.952] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29404b0 [0258.952] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29504b8 [0258.952] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29604c0 [0258.952] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29704c8 [0258.952] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29804d0 [0258.953] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29904d8 [0258.953] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29a04e0 [0258.953] RtlAllocateHeap (HeapHandle=0x2940000, Flags=0x0, Size=0x10000) returned 0x29b04e8 [0259.062] ReleaseDC (hWnd=0x0, hDC=0x120108c2) returned 1 [0259.062] LoadStringA (in: hInstance=0x44000, uID=0xfeea, lpBuffer=0x73fa98, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0259.273] LoadStringA (in: hInstance=0x44000, uID=0xff43, lpBuffer=0x73fa38, cchBufferMax=1024 | out: lpBuffer="Metafiles") returned 0x9 [0259.273] CharLowerBuffA (in: lpsz="wmf", cchLength=0x3 | out: lpsz="wmf") returned 0x3 [0259.273] LoadStringA (in: hInstance=0x44000, uID=0xff44, lpBuffer=0x73fa38, cchBufferMax=1024 | out: lpBuffer="Enhanced Metafiles") returned 0x12 [0259.273] CharLowerBuffA (in: lpsz="emf", cchLength=0x3 | out: lpsz="emf") returned 0x3 [0259.273] LoadStringA (in: hInstance=0x44000, uID=0xff45, lpBuffer=0x73fa38, cchBufferMax=1024 | out: lpBuffer="Icons") returned 0x5 [0259.274] CharLowerBuffA (in: lpsz="ico", cchLength=0x3 | out: lpsz="ico") returned 0x3 [0259.274] LoadStringA (in: hInstance=0x44000, uID=0xff46, lpBuffer=0x73fa38, cchBufferMax=1024 | out: lpBuffer="Bitmaps") returned 0x7 [0259.274] CharLowerBuffA (in: lpsz="bmp", cchLength=0x3 | out: lpsz="bmp") returned 0x3 [0259.274] CharLowerBuffA (in: lpsz="jpeg", cchLength=0x4 | out: lpsz="jpeg") returned 0x4 [0259.274] LoadStringA (in: hInstance=0x44000, uID=0xfeea, lpBuffer=0x73fa98, cchBufferMax=1024 | out: lpBuffer="JPEG Image File") returned 0xf [0259.274] CharLowerBuffA (in: lpsz="jpg", cchLength=0x3 | out: lpsz="jpg") returned 0x3 [0259.437] CharLowerBuffA (in: lpsz="PNG", cchLength=0x3 | out: lpsz="png") returned 0x3 [0259.929] VirtualAlloc (lpAddress=0x2524000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2524000 [0260.076] GetModuleFileNameW (in: hModule=0x20000, lpFilename=0x921504, nSize=0x104 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0260.077] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73facc, lpFilePart=0x73fac8 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73fac8*="gesf.exe") returned 0x35 [0260.077] SysReAllocStringLen (in: pbstr=0x2522784*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x2522784*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0260.077] SysReAllocStringLen (in: pbstr=0x73fdb0*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73fdb0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0260.096] GetThreadLocale () returned 0x409 [0260.096] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.099] GetThreadLocale () returned 0x409 [0260.099] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.099] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73fa78*="gesf.exe") returned 0x35 [0260.099] SysReAllocStringLen (in: pbstr=0x73fdb0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73fdb0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0260.101] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73f7c4, lpFilePart=0x73f7c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73f7c0*="gesf.exe") returned 0x35 [0260.101] SysReAllocStringLen (in: pbstr=0x73fa04*=0x0, psz="C:", len=0x2 | out: pbstr=0x73fa04*="C:") returned 1 [0260.101] SysReAllocStringLen (in: pbstr=0x73f9c0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f9c0*="C:\\") returned 1 [0260.101] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.101] SysReAllocStringLen (in: pbstr=0x73f9bc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f9bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0260.101] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0260.101] SetLastError (dwErrCode=0x0) [0260.101] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0260.101] GetLastError () returned 0x0 [0260.101] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x900000, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x70, ftLastAccessTime.dwLowDateTime=0x73fa4c, ftLastAccessTime.dwHighDateTime=0x76cbfaff, ftLastWriteTime.dwLowDateTime=0x77a1fec4, ftLastWriteTime.dwHighDateTime=0x910314, nFileSizeHigh=0x6a, nFileSizeLow=0x76cbf9bc, dwReserved0=0x910314, dwReserved1=0x73fa7c, cFileName="j", cAlternateFileName="̔\x91j")) returned 0xffffffff [0260.102] GetLastError () returned 0x2 [0260.102] SysReAllocStringLen (in: pbstr=0x73f9fc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f9fc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0260.102] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0260.102] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73f50c, lpFilePart=0x73f508 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73f508*="RarSFX1") returned 0x2c [0260.102] SysReAllocStringLen (in: pbstr=0x73f74c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f74c*="C:") returned 1 [0260.102] SysReAllocStringLen (in: pbstr=0x73f708*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f708*="C:\\") returned 1 [0260.102] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.102] SysReAllocStringLen (in: pbstr=0x73f704*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f704*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.102] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0260.102] SetLastError (dwErrCode=0x0) [0260.102] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0260.102] GetLastError () returned 0x0 [0260.102] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x900000, ftCreationTime.dwLowDateTime=0xffffffe0, ftCreationTime.dwHighDateTime=0x907b22, ftLastAccessTime.dwLowDateTime=0xffffff30, ftLastAccessTime.dwHighDateTime=0xd, ftLastWriteTime.dwLowDateTime=0xffffffed, ftLastWriteTime.dwHighDateTime=0x1e, nFileSizeHigh=0xffffff43, nFileSizeLow=0x20, dwReserved0=0xffffffc0, dwReserved1=0x912d40, cFileName="j", cAlternateFileName="ⵄ\x91X")) returned 0xffffffff [0260.103] GetLastError () returned 0x2 [0260.103] SysReAllocStringLen (in: pbstr=0x73f744*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f744*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.103] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0260.103] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73f254, lpFilePart=0x73f250 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73f250*="Temp") returned 0x24 [0260.103] SysReAllocStringLen (in: pbstr=0x73f494*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f494*="C:") returned 1 [0260.103] SysReAllocStringLen (in: pbstr=0x73f450*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f450*="C:\\") returned 1 [0260.103] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.103] SysReAllocStringLen (in: pbstr=0x73f44c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f44c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.103] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0260.103] SetLastError (dwErrCode=0x0) [0260.103] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0260.103] GetLastError () returned 0x0 [0260.103] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x73f4fc, ftCreationTime.dwLowDateTime=0x71302, ftCreationTime.dwHighDateTime=0x907b1e, ftLastAccessTime.dwLowDateTime=0xffffff38, ftLastAccessTime.dwHighDateTime=0x15, ftLastWriteTime.dwLowDateTime=0xffffffb3, ftLastWriteTime.dwHighDateTime=0x60, nFileSizeHigh=0xffffff85, nFileSizeLow=0x62, dwReserved0=0xffffff90, dwReserved1=0x91e6e0, cFileName="ʔ\x90\x09", cAlternateFileName="\x91H")) returned 0xffffffff [0260.104] GetLastError () returned 0x2 [0260.104] SysReAllocStringLen (in: pbstr=0x73f48c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f48c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.104] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0260.104] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73ef9c, lpFilePart=0x73ef98 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73ef98*="Local") returned 0x1f [0260.104] SysReAllocStringLen (in: pbstr=0x73f1dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f1dc*="C:") returned 1 [0260.104] SysReAllocStringLen (in: pbstr=0x73f198*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f198*="C:\\") returned 1 [0260.104] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.104] SysReAllocStringLen (in: pbstr=0x73f194*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f194*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.104] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0260.104] SetLastError (dwErrCode=0x0) [0260.104] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0260.104] GetLastError () returned 0x0 [0260.104] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x73f244, ftCreationTime.dwLowDateTime=0x71302, ftCreationTime.dwHighDateTime=0x907b1e, ftLastAccessTime.dwLowDateTime=0xffffff7a, ftLastAccessTime.dwHighDateTime=0x57, ftLastWriteTime.dwLowDateTime=0xffffff85, ftLastWriteTime.dwHighDateTime=0x3f, nFileSizeHigh=0xffffff64, nFileSizeLow=0x41, dwReserved0=0xffffff6f, dwReserved1=0x91e7e8, cFileName="譄\x90\x09", cAlternateFileName="\x91>")) returned 0xffffffff [0260.105] GetLastError () returned 0x2 [0260.105] SysReAllocStringLen (in: pbstr=0x73f1d4*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f1d4*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.105] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73f458*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0260.105] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73ece4, lpFilePart=0x73ece0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73ece0*="AppData") returned 0x19 [0260.105] SysReAllocStringLen (in: pbstr=0x73ef24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ef24*="C:") returned 1 [0260.105] SysReAllocStringLen (in: pbstr=0x73eee0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eee0*="C:\\") returned 1 [0260.105] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.105] SysReAllocStringLen (in: pbstr=0x73eedc*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73eedc*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.105] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0260.105] SetLastError (dwErrCode=0x0) [0260.105] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0260.105] GetLastError () returned 0x0 [0260.105] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73ef48 | out: lpFindFileData=0x73ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x35, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x2c002a, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x925800, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73ef94, cFileName="s蚆矘\n", cAlternateFileName="双\x922")) returned 0xffffffff [0260.106] GetLastError () returned 0x2 [0260.106] SysReAllocStringLen (in: pbstr=0x73ef1c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73ef1c*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.106] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73f1a0*="C:\\Users\\OQXZRA~1") returned 1 [0260.106] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73ea2c, lpFilePart=0x73ea28 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73ea28*="OQXZRA~1") returned 0x11 [0260.106] SysReAllocStringLen (in: pbstr=0x73ec6c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ec6c*="C:") returned 1 [0260.106] SysReAllocStringLen (in: pbstr=0x73ec28*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ec28*="C:\\") returned 1 [0260.106] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.106] SysReAllocStringLen (in: pbstr=0x73ec24*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73ec24*="C:\\Users\\") returned 1 [0260.106] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0260.106] SetLastError (dwErrCode=0x0) [0260.106] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0260.106] GetLastError () returned 0x0 [0260.106] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73ec90 | out: lpFindFileData=0x73ec90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9203c8, ftLastAccessTime.dwLowDateTime=0x1c, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x1e0005, ftLastWriteTime.dwHighDateTime=0x9260f8, nFileSizeHigh=0x926748, nFileSizeLow=0x9203b8, dwReserved0=0x900000, dwReserved1=0x73ecdc, cFileName="s蚆矘\n", cAlternateFileName="朔\x92\"")) returned 0xffffffff [0260.107] GetLastError () returned 0x2 [0260.107] SysReAllocStringLen (in: pbstr=0x73ec64*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73ec64*="C:\\Users\\") returned 1 [0260.107] SysReAllocStringLen (in: pbstr=0x73eee8*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73eee8*="C:\\Users") returned 1 [0260.107] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73e774, lpFilePart=0x73e770 | out: lpBuffer="C:\\Users", lpFilePart=0x73e770*="Users") returned 0x8 [0260.107] SysReAllocStringLen (in: pbstr=0x73e9b4*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e9b4*="C:") returned 1 [0260.107] SysReAllocStringLen (in: pbstr=0x73e970*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e970*="C:\\") returned 1 [0260.107] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.107] SysReAllocStringLen (in: pbstr=0x73e96c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e96c*="C:\\") returned 1 [0260.107] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.107] SetLastError (dwErrCode=0x0) [0260.107] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0260.107] GetLastError () returned 0x0 [0260.107] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e9d8 | out: lpFindFileData=0x73e9d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ea24, cFileName="Users", cAlternateFileName="")) returned 0x91dcf0 [0260.108] FileTimeToLocalFileTime (in: lpFileTime=0x73e9ec, lpLocalFileTime=0x73e95c | out: lpLocalFileTime=0x73e95c) returned 1 [0260.108] FileTimeToDosDateTime (in: lpFileTime=0x73e95c, lpFatDate=0x73e9ba, lpFatTime=0x73e9b8 | out: lpFatDate=0x73e9ba, lpFatTime=0x73e9b8) returned 1 [0260.108] FindClose (in: hFindFile=0x91dcf0 | out: hFindFile=0x91dcf0) returned 1 [0260.108] SysReAllocStringLen (in: pbstr=0x73eee8*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73eee8*="C:\\Users") returned 1 [0260.108] SysReAllocStringLen (in: pbstr=0x73ec5c*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73ec5c*="C:\\Users") returned 1 [0260.108] SysReAllocStringLen (in: pbstr=0x73eee8*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73eee8*="C:\\Users\\") returned 1 [0260.108] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73ec90 | out: lpFindFileData=0x73ec90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ecdc, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91d930 [0260.108] FileTimeToLocalFileTime (in: lpFileTime=0x73eca4, lpLocalFileTime=0x73ec14 | out: lpLocalFileTime=0x73ec14) returned 1 [0260.108] FileTimeToDosDateTime (in: lpFileTime=0x73ec14, lpFatDate=0x73ec72, lpFatTime=0x73ec70 | out: lpFatDate=0x73ec72, lpFatTime=0x73ec70) returned 1 [0260.109] FindClose (in: hFindFile=0x91d930 | out: hFindFile=0x91d930) returned 1 [0260.109] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73f1a0*="C:\\Users\\OqXZRaykm") returned 1 [0260.109] SysReAllocStringLen (in: pbstr=0x73ef14*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73ef14*="C:\\Users\\OqXZRaykm") returned 1 [0260.109] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73f1a0*="C:\\Users\\OqXZRaykm\\") returned 1 [0260.109] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73ef48 | out: lpFindFileData=0x73ef48*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ef94, cFileName="AppData", cAlternateFileName="")) returned 0x91dd70 [0260.109] FileTimeToLocalFileTime (in: lpFileTime=0x73ef5c, lpLocalFileTime=0x73eecc | out: lpLocalFileTime=0x73eecc) returned 1 [0260.109] FileTimeToDosDateTime (in: lpFileTime=0x73eecc, lpFatDate=0x73ef2a, lpFatTime=0x73ef28 | out: lpFatDate=0x73ef2a, lpFatTime=0x73ef28) returned 1 [0260.109] FindClose (in: hFindFile=0x91dd70 | out: hFindFile=0x91dd70) returned 1 [0260.110] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f458*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.110] SysReAllocStringLen (in: pbstr=0x73f1cc*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f1cc*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.110] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73f458*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0260.110] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xffffff6f, dwReserved1=0x91e7e8, cFileName="Local", cAlternateFileName="")) returned 0x91db70 [0260.110] FileTimeToLocalFileTime (in: lpFileTime=0x73f214, lpLocalFileTime=0x73f184 | out: lpLocalFileTime=0x73f184) returned 1 [0260.110] FileTimeToDosDateTime (in: lpFileTime=0x73f184, lpFatDate=0x73f1e2, lpFatTime=0x73f1e0 | out: lpFatDate=0x73f1e2, lpFatTime=0x73f1e0) returned 1 [0260.110] FindClose (in: hFindFile=0x91db70 | out: hFindFile=0x91db70) returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f484*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f484*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0260.111] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xffffff90, dwReserved1=0x91e6e0, cFileName="Temp", cAlternateFileName="")) returned 0x91deb0 [0260.111] FileTimeToLocalFileTime (in: lpFileTime=0x73f4cc, lpLocalFileTime=0x73f43c | out: lpLocalFileTime=0x73f43c) returned 1 [0260.111] FileTimeToDosDateTime (in: lpFileTime=0x73f43c, lpFatDate=0x73f49a, lpFatTime=0x73f498 | out: lpFatDate=0x73f49a, lpFatTime=0x73f498) returned 1 [0260.111] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f73c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f73c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0260.111] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0260.112] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xffffffc0, dwReserved1=0x912d40, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91deb0 [0260.112] FileTimeToLocalFileTime (in: lpFileTime=0x73f784, lpLocalFileTime=0x73f6f4 | out: lpLocalFileTime=0x73f6f4) returned 1 [0260.112] FileTimeToDosDateTime (in: lpFileTime=0x73f6f4, lpFatDate=0x73f752, lpFatTime=0x73f750 | out: lpFatDate=0x73f752, lpFatTime=0x73f750) returned 1 [0260.112] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0260.112] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0260.112] SysReAllocStringLen (in: pbstr=0x73f9f4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f9f4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0260.112] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0260.112] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d805560, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00, dwReserved0=0x910314, dwReserved1=0x73fa7c, cFileName="gesf.exe", cAlternateFileName="")) returned 0x91dd30 [0260.113] FileTimeToLocalFileTime (in: lpFileTime=0x73fa3c, lpLocalFileTime=0x73f9ac | out: lpLocalFileTime=0x73f9ac) returned 1 [0260.113] FileTimeToDosDateTime (in: lpFileTime=0x73f9ac, lpFatDate=0x73fa0a, lpFatTime=0x73fa08 | out: lpFatDate=0x73fa0a, lpFatTime=0x73fa08) returned 1 [0260.113] FindClose (in: hFindFile=0x91dd30 | out: hFindFile=0x91dd30) returned 1 [0260.113] SysReAllocStringLen (in: pbstr=0x73fdb0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73fdb0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0260.113] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0260.113] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchLength=0x36 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 0x36 [0260.113] SysReAllocStringLen (in: pbstr=0x73fdb0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x36 | out: pbstr=0x73fdb0*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0260.113] SysReAllocStringLen (in: pbstr=0x2522784*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x36 | out: pbstr=0x2522784*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0260.113] SysReAllocStringLen (in: pbstr=0x2522794*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x2522794*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.113] SysReAllocStringLen (in: pbstr=0x73fda4*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x73fda4*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] SysReAllocStringLen (in: pbstr=0x73fda8*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x73fda8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] GetThreadLocale () returned 0x409 [0260.114] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.114] GetThreadLocale () returned 0x409 [0260.114] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.114] GetFullPathNameW (in: lpFileName="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", lpFilePart=0x73fa78*=0x0) returned 0x2e [0260.114] SysReAllocStringLen (in: pbstr=0x73fda8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x73fda8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x73fca8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] CharLowerBuffW (in: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", cchLength=0x2e | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 0x2e [0260.114] SysReAllocStringLen (in: pbstr=0x73fda8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x73fda8*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] SysReAllocStringLen (in: pbstr=0x2522794*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\", len=0x2e | out: pbstr=0x2522794*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\") returned 1 [0260.114] VirtualAlloc (lpAddress=0x2534000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0x2534000 [0260.167] GetSystemDirectoryW (in: lpBuffer=0x2531d8c, uSize=0xfffe | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0260.167] SysReAllocStringLen (in: pbstr=0x73fd9c*=0x0, psz="C:\\Windows\\system32", len=0x13 | out: pbstr=0x73fd9c*="C:\\Windows\\system32") returned 1 [0260.167] SysReAllocStringLen (in: pbstr=0x73fda0*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x73fda0*="C:\\Windows\\system32\\") returned 1 [0260.167] GetThreadLocale () returned 0x409 [0260.167] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.167] GetThreadLocale () returned 0x409 [0260.167] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\system32\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Windows\\system32\\", lpFilePart=0x73fa78*=0x0) returned 0x14 [0260.168] SysReAllocStringLen (in: pbstr=0x73fda0*="C:\\Windows\\system32\\", psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x73fda0*="C:\\Windows\\system32\\") returned 1 [0260.168] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Windows\\system32\\", len=0x14 | out: pbstr=0x73fca8*="C:\\Windows\\system32\\") returned 1 [0260.168] CharLowerBuffW (in: lpsz="C:\\Windows\\system32\\", cchLength=0x14 | out: lpsz="c:\\windows\\system32\\") returned 0x14 [0260.168] SysReAllocStringLen (in: pbstr=0x73fda0*="C:\\Windows\\system32\\", psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0x73fda0*="c:\\windows\\system32\\") returned 1 [0260.192] SysReAllocStringLen (in: pbstr=0x2522790*=0x0, psz="c:\\windows\\system32\\", len=0x14 | out: pbstr=0x2522790*="c:\\windows\\system32\\") returned 1 [0260.192] GetTempPathW (in: nBufferLength=0xfffe, lpBuffer=0x2531d8c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 0x25 [0260.192] SysReAllocStringLen (in: pbstr=0x73fd90*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73fd90*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.192] SysReAllocStringLen (in: pbstr=0x73fd94*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.192] GetThreadLocale () returned 0x409 [0260.192] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.192] GetThreadLocale () returned 0x409 [0260.192] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.192] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", lpFilePart=0x73fa78*=0x0) returned 0x25 [0260.193] SysReAllocStringLen (in: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.193] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", nBufferLength=0x104, lpBuffer=0x73f7c4, lpFilePart=0x73f7c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", lpFilePart=0x73f7c0*=0x0) returned 0x25 [0260.193] SysReAllocStringLen (in: pbstr=0x73fa04*=0x0, psz="C:", len=0x2 | out: pbstr=0x73fa04*="C:") returned 1 [0260.193] SysReAllocStringLen (in: pbstr=0x73f9c0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f9c0*="C:\\") returned 1 [0260.193] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.193] SysReAllocStringLen (in: pbstr=0x73f9bc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f9bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.193] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0260.193] SetLastError (dwErrCode=0x0) [0260.193] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0260.193] GetLastError () returned 0x0 [0260.193] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x900000, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x50, ftLastAccessTime.dwLowDateTime=0x73fa4c, ftLastAccessTime.dwHighDateTime=0x76cbfaff, ftLastWriteTime.dwLowDateTime=0x77a1fec4, ftLastWriteTime.dwHighDateTime=0x91f2e4, nFileSizeHigh=0x4a, nFileSizeLow=0x76cbf9bc, dwReserved0=0x91f2e4, dwReserved1=0x73fa7c, cFileName="J", cAlternateFileName="\x91J")) returned 0xffffffff [0260.194] GetLastError () returned 0x2 [0260.194] SysReAllocStringLen (in: pbstr=0x73f9fc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f9fc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.194] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0260.194] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73f50c, lpFilePart=0x73f508 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73f508*="Temp") returned 0x24 [0260.194] SysReAllocStringLen (in: pbstr=0x73f74c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f74c*="C:") returned 1 [0260.194] SysReAllocStringLen (in: pbstr=0x73f708*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f708*="C:\\") returned 1 [0260.195] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.195] SysReAllocStringLen (in: pbstr=0x73f704*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f704*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.195] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0260.195] SetLastError (dwErrCode=0x0) [0260.195] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0260.195] GetLastError () returned 0x0 [0260.195] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x900000, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x907b1e, ftLastAccessTime.dwLowDateTime=0xfffffdde, ftLastAccessTime.dwHighDateTime=0xf, ftLastWriteTime.dwLowDateTime=0xffffffee, ftLastWriteTime.dwHighDateTime=0x1f, nFileSizeHigh=0xfffffdf0, nFileSizeLow=0x21, dwReserved0=0xfffffffc, dwReserved1=0x91e6e0, cFileName="ʔ\x90\x09", cAlternateFileName="\x91H")) returned 0xffffffff [0260.195] GetLastError () returned 0x2 [0260.195] SysReAllocStringLen (in: pbstr=0x73f744*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f744*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.195] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0260.195] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73f254, lpFilePart=0x73f250 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73f250*="Local") returned 0x1f [0260.196] SysReAllocStringLen (in: pbstr=0x73f494*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f494*="C:") returned 1 [0260.196] SysReAllocStringLen (in: pbstr=0x73f450*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f450*="C:\\") returned 1 [0260.196] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.196] SysReAllocStringLen (in: pbstr=0x73f44c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f44c*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.196] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0260.196] SetLastError (dwErrCode=0x0) [0260.196] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0260.196] GetLastError () returned 0x0 [0260.196] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x73f4fc, ftCreationTime.dwLowDateTime=0x71302, ftCreationTime.dwHighDateTime=0x907b1e, ftLastAccessTime.dwLowDateTime=0xfffffde5, ftLastAccessTime.dwHighDateTime=0x16, ftLastWriteTime.dwLowDateTime=0xfffffff1, ftLastWriteTime.dwHighDateTime=0x91e738, nFileSizeHigh=0x73f510, nFileSizeLow=0x0, dwReserved0=0xfffffdda, dwReserved1=0xb, cFileName="ʘ\x90s\x91", cAlternateFileName="\x91>")) returned 0xffffffff [0260.196] GetLastError () returned 0x2 [0260.196] SysReAllocStringLen (in: pbstr=0x73f48c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f48c*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.196] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0260.196] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73ef9c, lpFilePart=0x73ef98 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73ef98*="AppData") returned 0x19 [0260.197] SysReAllocStringLen (in: pbstr=0x73f1dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f1dc*="C:") returned 1 [0260.197] SysReAllocStringLen (in: pbstr=0x73f198*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f198*="C:\\") returned 1 [0260.197] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.197] SysReAllocStringLen (in: pbstr=0x73f194*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73f194*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.197] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0260.197] SetLastError (dwErrCode=0x0) [0260.197] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0260.197] GetLastError () returned 0x0 [0260.197] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x33, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x360028, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x925770, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73f24c, cFileName="s蚆矘\n", cAlternateFileName="哬\x922")) returned 0xffffffff [0260.197] GetLastError () returned 0x2 [0260.197] SysReAllocStringLen (in: pbstr=0x73f1d4*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73f1d4*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.197] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73f458*="C:\\Users\\OQXZRA~1") returned 1 [0260.197] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73ece4, lpFilePart=0x73ece0 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73ece0*="OQXZRA~1") returned 0x11 [0260.198] SysReAllocStringLen (in: pbstr=0x73ef24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ef24*="C:") returned 1 [0260.198] SysReAllocStringLen (in: pbstr=0x73eee0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eee0*="C:\\") returned 1 [0260.198] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.198] SysReAllocStringLen (in: pbstr=0x73eedc*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73eedc*="C:\\Users\\") returned 1 [0260.198] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0260.198] SetLastError (dwErrCode=0x0) [0260.198] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0260.198] GetLastError () returned 0x0 [0260.198] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73ef48 | out: lpFindFileData=0x73ef48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9203c8, ftLastAccessTime.dwLowDateTime=0xb, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x3, ftLastWriteTime.dwHighDateTime=0x9260f8, nFileSizeHigh=0x926390, nFileSizeLow=0x9203b8, dwReserved0=0x900000, dwReserved1=0x73ef94, cFileName="s蚆矘\n", cAlternateFileName="枼\x92\"")) returned 0xffffffff [0260.198] GetLastError () returned 0x2 [0260.198] SysReAllocStringLen (in: pbstr=0x73ef1c*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73ef1c*="C:\\Users\\") returned 1 [0260.198] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73f1a0*="C:\\Users") returned 1 [0260.198] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73ea2c, lpFilePart=0x73ea28 | out: lpBuffer="C:\\Users", lpFilePart=0x73ea28*="Users") returned 0x8 [0260.199] SysReAllocStringLen (in: pbstr=0x73ec6c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ec6c*="C:") returned 1 [0260.199] SysReAllocStringLen (in: pbstr=0x73ec28*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ec28*="C:\\") returned 1 [0260.199] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.199] SysReAllocStringLen (in: pbstr=0x73ec24*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ec24*="C:\\") returned 1 [0260.199] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.199] SetLastError (dwErrCode=0x0) [0260.199] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0260.199] GetLastError () returned 0x0 [0260.199] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73ec90 | out: lpFindFileData=0x73ec90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ecdc, cFileName="Users", cAlternateFileName="")) returned 0x91da30 [0260.199] FileTimeToLocalFileTime (in: lpFileTime=0x73eca4, lpLocalFileTime=0x73ec14 | out: lpLocalFileTime=0x73ec14) returned 1 [0260.199] FileTimeToDosDateTime (in: lpFileTime=0x73ec14, lpFatDate=0x73ec72, lpFatTime=0x73ec70 | out: lpFatDate=0x73ec72, lpFatTime=0x73ec70) returned 1 [0260.199] FindClose (in: hFindFile=0x91da30 | out: hFindFile=0x91da30) returned 1 [0260.200] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73f1a0*="C:\\Users") returned 1 [0260.200] SysReAllocStringLen (in: pbstr=0x73ef14*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73ef14*="C:\\Users") returned 1 [0260.200] SysReAllocStringLen (in: pbstr=0x73f1a0*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73f1a0*="C:\\Users\\") returned 1 [0260.200] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73ef48 | out: lpFindFileData=0x73ef48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ef94, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91e0b0 [0260.200] FileTimeToLocalFileTime (in: lpFileTime=0x73ef5c, lpLocalFileTime=0x73eecc | out: lpLocalFileTime=0x73eecc) returned 1 [0260.200] FileTimeToDosDateTime (in: lpFileTime=0x73eecc, lpFatDate=0x73ef2a, lpFatTime=0x73ef28 | out: lpFatDate=0x73ef2a, lpFatTime=0x73ef28) returned 1 [0260.200] FindClose (in: hFindFile=0x91e0b0 | out: hFindFile=0x91e0b0) returned 1 [0260.201] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73f458*="C:\\Users\\OqXZRaykm") returned 1 [0260.201] SysReAllocStringLen (in: pbstr=0x73f1cc*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73f1cc*="C:\\Users\\OqXZRaykm") returned 1 [0260.201] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73f458*="C:\\Users\\OqXZRaykm\\") returned 1 [0260.201] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73f24c, cFileName="AppData", cAlternateFileName="")) returned 0x91daf0 [0260.201] FileTimeToLocalFileTime (in: lpFileTime=0x73f214, lpLocalFileTime=0x73f184 | out: lpLocalFileTime=0x73f184) returned 1 [0260.201] FileTimeToDosDateTime (in: lpFileTime=0x73f184, lpFatDate=0x73f1e2, lpFatTime=0x73f1e0 | out: lpFatDate=0x73f1e2, lpFatTime=0x73f1e0) returned 1 [0260.201] FindClose (in: hFindFile=0x91daf0 | out: hFindFile=0x91daf0) returned 1 [0260.201] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.201] SysReAllocStringLen (in: pbstr=0x73f484*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f484*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.202] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0260.202] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffdda, dwReserved1=0xb, cFileName="Local", cAlternateFileName="")) returned 0x91dd70 [0260.202] FileTimeToLocalFileTime (in: lpFileTime=0x73f4cc, lpLocalFileTime=0x73f43c | out: lpLocalFileTime=0x73f43c) returned 1 [0260.202] FileTimeToDosDateTime (in: lpFileTime=0x73f43c, lpFatDate=0x73f49a, lpFatTime=0x73f498 | out: lpFatDate=0x73f49a, lpFatTime=0x73f498) returned 1 [0260.202] FindClose (in: hFindFile=0x91dd70 | out: hFindFile=0x91dd70) returned 1 [0260.202] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.202] SysReAllocStringLen (in: pbstr=0x73f73c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f73c*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.202] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0260.202] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xfffffffc, dwReserved1=0x91e6e0, cFileName="Temp", cAlternateFileName="")) returned 0x91d930 [0260.203] FileTimeToLocalFileTime (in: lpFileTime=0x73f784, lpLocalFileTime=0x73f6f4 | out: lpLocalFileTime=0x73f6f4) returned 1 [0260.203] FileTimeToDosDateTime (in: lpFileTime=0x73f6f4, lpFatDate=0x73f752, lpFatTime=0x73f750 | out: lpFatDate=0x73f752, lpFatTime=0x73f750) returned 1 [0260.203] FindClose (in: hFindFile=0x91d930 | out: hFindFile=0x91d930) returned 1 [0260.203] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0260.203] SysReAllocStringLen (in: pbstr=0x73f9f4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f9f4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0260.203] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0260.203] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x900000, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x50, ftLastAccessTime.dwLowDateTime=0x73fa4c, ftLastAccessTime.dwHighDateTime=0x76cbfaff, ftLastWriteTime.dwLowDateTime=0x77a1fec4, ftLastWriteTime.dwHighDateTime=0x91f2e4, nFileSizeHigh=0x4a, nFileSizeLow=0x76cbf9bc, dwReserved0=0x91f2e4, dwReserved1=0x73fa7c, cFileName="J", cAlternateFileName="\x91J")) returned 0xffffffff [0260.204] GetLastError () returned 0x2 [0260.204] SysReAllocStringLen (in: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0260.204] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp")) returned 0x10 [0260.204] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73f7c4, lpFilePart=0x73f7c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73f7c0*="Temp") returned 0x24 [0260.204] SysReAllocStringLen (in: pbstr=0x73fa04*=0x0, psz="C:", len=0x2 | out: pbstr=0x73fa04*="C:") returned 1 [0260.204] SysReAllocStringLen (in: pbstr=0x73f9c0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f9c0*="C:\\") returned 1 [0260.204] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.204] SysReAllocStringLen (in: pbstr=0x73f9bc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f9bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.204] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0260.204] SetLastError (dwErrCode=0x0) [0260.205] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0260.205] GetLastError () returned 0x0 [0260.205] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0260.205] GetLastError () returned 0x2 [0260.205] SysReAllocStringLen (in: pbstr=0x73f9fc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f9fc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0260.205] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0260.205] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73f50c, lpFilePart=0x73f508 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73f508*="Local") returned 0x1f [0260.205] SysReAllocStringLen (in: pbstr=0x73f74c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f74c*="C:") returned 1 [0260.205] SysReAllocStringLen (in: pbstr=0x73f708*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f708*="C:\\") returned 1 [0260.205] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.205] SysReAllocStringLen (in: pbstr=0x73f704*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f704*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.205] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0260.206] SetLastError (dwErrCode=0x0) [0260.206] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0260.206] GetLastError () returned 0x0 [0260.206] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x926eb8, ftCreationTime.dwLowDateTime=0x900000, ftCreationTime.dwHighDateTime=0x2000002, ftLastAccessTime.dwLowDateTime=0x2, ftLastAccessTime.dwHighDateTime=0x73f7b4, ftLastWriteTime.dwLowDateTime=0x77d92f90, ftLastWriteTime.dwHighDateTime=0x1, nFileSizeHigh=0x926eb8, nFileSizeLow=0x2, dwReserved0=0x2, dwReserved1=0x926e58, cFileName="", cAlternateFileName="\x91>")) returned 0xffffffff [0260.206] GetLastError () returned 0x2 [0260.206] SysReAllocStringLen (in: pbstr=0x73f744*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73f744*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0260.206] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0260.206] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73f254, lpFilePart=0x73f250 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73f250*="AppData") returned 0x19 [0260.206] SysReAllocStringLen (in: pbstr=0x73f494*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f494*="C:") returned 1 [0260.206] SysReAllocStringLen (in: pbstr=0x73f450*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f450*="C:\\") returned 1 [0260.206] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.206] SysReAllocStringLen (in: pbstr=0x73f44c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73f44c*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.206] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0260.206] SetLastError (dwErrCode=0x0) [0260.207] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0260.207] GetLastError () returned 0x0 [0260.207] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x31, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x2b0026, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x9256e0, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73f504, cFileName="s蚆矘\n", cAlternateFileName="双\x922")) returned 0xffffffff [0260.207] GetLastError () returned 0x2 [0260.207] SysReAllocStringLen (in: pbstr=0x73f48c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73f48c*="C:\\Users\\OQXZRA~1\\") returned 1 [0260.207] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73f710*="C:\\Users\\OQXZRA~1") returned 1 [0260.207] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73ef9c, lpFilePart=0x73ef98 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73ef98*="OQXZRA~1") returned 0x11 [0260.207] SysReAllocStringLen (in: pbstr=0x73f1dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f1dc*="C:") returned 1 [0260.207] SysReAllocStringLen (in: pbstr=0x73f198*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f198*="C:\\") returned 1 [0260.207] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.207] SysReAllocStringLen (in: pbstr=0x73f194*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73f194*="C:\\Users\\") returned 1 [0260.207] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0260.207] SetLastError (dwErrCode=0x0) [0260.207] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0260.208] GetLastError () returned 0x0 [0260.208] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x2a, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x310027, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x9254e8, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73f24c, cFileName="s蚆矘\n", cAlternateFileName="枼\x92\"")) returned 0xffffffff [0260.208] GetLastError () returned 0x2 [0260.208] SysReAllocStringLen (in: pbstr=0x73f1d4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73f1d4*="C:\\Users\\") returned 1 [0260.208] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73f458*="C:\\Users") returned 1 [0260.208] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73ece4, lpFilePart=0x73ece0 | out: lpBuffer="C:\\Users", lpFilePart=0x73ece0*="Users") returned 0x8 [0260.208] SysReAllocStringLen (in: pbstr=0x73ef24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ef24*="C:") returned 1 [0260.208] SysReAllocStringLen (in: pbstr=0x73eee0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eee0*="C:\\") returned 1 [0260.208] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.208] SysReAllocStringLen (in: pbstr=0x73eedc*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eedc*="C:\\") returned 1 [0260.208] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0260.208] SetLastError (dwErrCode=0x0) [0260.208] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0260.208] GetLastError () returned 0x0 [0260.209] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73ef48 | out: lpFindFileData=0x73ef48*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ef94, cFileName="Users", cAlternateFileName="")) returned 0x91deb0 [0260.209] FileTimeToLocalFileTime (in: lpFileTime=0x73ef5c, lpLocalFileTime=0x73eecc | out: lpLocalFileTime=0x73eecc) returned 1 [0260.209] FileTimeToDosDateTime (in: lpFileTime=0x73eecc, lpFatDate=0x73ef2a, lpFatTime=0x73ef28 | out: lpFatDate=0x73ef2a, lpFatTime=0x73ef28) returned 1 [0260.209] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0260.240] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73f458*="C:\\Users") returned 1 [0260.240] SysReAllocStringLen (in: pbstr=0x73f1cc*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73f1cc*="C:\\Users") returned 1 [0260.240] SysReAllocStringLen (in: pbstr=0x73f458*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73f458*="C:\\Users\\") returned 1 [0260.240] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73f200 | out: lpFindFileData=0x73f200*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73f24c, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91da30 [0260.240] FileTimeToLocalFileTime (in: lpFileTime=0x73f214, lpLocalFileTime=0x73f184 | out: lpLocalFileTime=0x73f184) returned 1 [0260.240] FileTimeToDosDateTime (in: lpFileTime=0x73f184, lpFatDate=0x73f1e2, lpFatTime=0x73f1e0 | out: lpFatDate=0x73f1e2, lpFatTime=0x73f1e0) returned 1 [0260.241] FindClose (in: hFindFile=0x91da30 | out: hFindFile=0x91da30) returned 1 [0260.241] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm") returned 1 [0260.241] SysReAllocStringLen (in: pbstr=0x73f484*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73f484*="C:\\Users\\OqXZRaykm") returned 1 [0260.241] SysReAllocStringLen (in: pbstr=0x73f710*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73f710*="C:\\Users\\OqXZRaykm\\") returned 1 [0260.242] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73f4b8 | out: lpFindFileData=0x73f4b8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73f504, cFileName="AppData", cAlternateFileName="")) returned 0x91deb0 [0260.242] FileTimeToLocalFileTime (in: lpFileTime=0x73f4cc, lpLocalFileTime=0x73f43c | out: lpLocalFileTime=0x73f43c) returned 1 [0260.242] FileTimeToDosDateTime (in: lpFileTime=0x73f43c, lpFatDate=0x73f49a, lpFatTime=0x73f498 | out: lpFatDate=0x73f49a, lpFatTime=0x73f498) returned 1 [0260.242] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0260.242] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.242] SysReAllocStringLen (in: pbstr=0x73f73c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f73c*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0260.242] SysReAllocStringLen (in: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73f9c8*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0260.242] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f770 | out: lpFindFileData=0x73f770*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x926e58, cFileName="Local", cAlternateFileName="")) returned 0x91def0 [0260.243] FileTimeToLocalFileTime (in: lpFileTime=0x73f784, lpLocalFileTime=0x73f6f4 | out: lpLocalFileTime=0x73f6f4) returned 1 [0260.243] FileTimeToDosDateTime (in: lpFileTime=0x73f6f4, lpFatDate=0x73f752, lpFatTime=0x73f750 | out: lpFatDate=0x73f752, lpFatTime=0x73f750) returned 1 [0260.243] FindClose (in: hFindFile=0x91def0 | out: hFindFile=0x91def0) returned 1 [0260.243] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.243] SysReAllocStringLen (in: pbstr=0x73f9f4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f9f4*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0260.243] SysReAllocStringLen (in: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73fc80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0260.243] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73fa28 | out: lpFindFileData=0x73fa28*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x91da30 [0260.243] FileTimeToLocalFileTime (in: lpFileTime=0x73fa3c, lpLocalFileTime=0x73f9ac | out: lpLocalFileTime=0x73f9ac) returned 1 [0260.243] FileTimeToDosDateTime (in: lpFileTime=0x73f9ac, lpFatDate=0x73fa0a, lpFatTime=0x73fa08 | out: lpFatDate=0x73fa0a, lpFatTime=0x73fa08) returned 1 [0260.244] FindClose (in: hFindFile=0x91da30 | out: hFindFile=0x91da30) returned 1 [0260.244] SysReAllocStringLen (in: pbstr=0x73fcc4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73fcc4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0260.244] SysReAllocStringLen (in: pbstr=0x73fd94*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73fd94*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0260.244] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0260.244] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", cchLength=0x26 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\") returned 0x26 [0260.244] SysReAllocStringLen (in: pbstr=0x73fd94*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\", len=0x26 | out: pbstr=0x73fd94*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\") returned 1 [0260.244] SysReAllocStringLen (in: pbstr=0x2522798*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\", len=0x26 | out: pbstr=0x2522798*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\") returned 1 [0260.244] GetWindowsDirectoryW (in: lpBuffer=0x2531d8c, uSize=0xfffe | out: lpBuffer="C:\\Windows") returned 0xa [0260.245] SysReAllocStringLen (in: pbstr=0x73fd84*=0x0, psz="C:\\Windows", len=0xa | out: pbstr=0x73fd84*="C:\\Windows") returned 1 [0260.245] SysReAllocStringLen (in: pbstr=0x73fd88*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x73fd88*="C:\\Windows\\") returned 1 [0260.245] GetThreadLocale () returned 0x409 [0260.245] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.245] GetThreadLocale () returned 0x409 [0260.245] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.245] GetFullPathNameW (in: lpFileName="C:\\Windows\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Windows\\", lpFilePart=0x73fa78*=0x0) returned 0xb [0260.245] SysReAllocStringLen (in: pbstr=0x73fd88*="C:\\Windows\\", psz="C:\\Windows\\", len=0xb | out: pbstr=0x73fd88*="C:\\Windows\\") returned 1 [0260.245] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Windows\\", len=0xb | out: pbstr=0x73fca8*="C:\\Windows\\") returned 1 [0260.245] CharLowerBuffW (in: lpsz="C:\\Windows\\", cchLength=0xb | out: lpsz="c:\\windows\\") returned 0xb [0260.245] SysReAllocStringLen (in: pbstr=0x73fd88*="C:\\Windows\\", psz="c:\\windows\\", len=0xb | out: pbstr=0x73fd88*="c:\\windows\\") returned 1 [0260.245] SysReAllocStringLen (in: pbstr=0x252278c*=0x0, psz="c:\\windows\\", len=0xb | out: pbstr=0x252278c*="c:\\windows\\") returned 1 [0260.245] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\Documents") returned 0x0 [0260.271] SysReAllocStringLen (in: pbstr=0x73fd78*=0x0, psz="C:\\Users\\OqXZRaykm\\Documents", len=0x1c | out: pbstr=0x73fd78*="C:\\Users\\OqXZRaykm\\Documents") returned 1 [0260.272] SysReAllocStringLen (in: pbstr=0x73fd7c*=0x0, psz="C:\\Users\\OqXZRaykm\\Documents\\", len=0x1d | out: pbstr=0x73fd7c*="C:\\Users\\OqXZRaykm\\Documents\\") returned 1 [0260.272] GetThreadLocale () returned 0x409 [0260.272] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.272] GetThreadLocale () returned 0x409 [0260.272] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.272] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Documents\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Documents\\", lpFilePart=0x73fa78*=0x0) returned 0x1d [0260.272] SysReAllocStringLen (in: pbstr=0x73fd7c*="C:\\Users\\OqXZRaykm\\Documents\\", psz="C:\\Users\\OqXZRaykm\\Documents\\", len=0x1d | out: pbstr=0x73fd7c*="C:\\Users\\OqXZRaykm\\Documents\\") returned 1 [0260.272] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\Documents\\", len=0x1d | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\Documents\\") returned 1 [0260.273] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\Documents\\", cchLength=0x1d | out: lpsz="c:\\users\\oqxzraykm\\documents\\") returned 0x1d [0260.273] SysReAllocStringLen (in: pbstr=0x73fd7c*="C:\\Users\\OqXZRaykm\\Documents\\", psz="c:\\users\\oqxzraykm\\documents\\", len=0x1d | out: pbstr=0x73fd7c*="c:\\users\\oqxzraykm\\documents\\") returned 1 [0260.273] SysReAllocStringLen (in: pbstr=0x2522788*=0x0, psz="c:\\users\\oqxzraykm\\documents\\", len=0x1d | out: pbstr=0x2522788*="c:\\users\\oqxzraykm\\documents\\") returned 1 [0260.273] SHGetFolderPathW (in: hwnd=0x0, csidl=46, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\Public\\Documents") returned 0x0 [0260.276] SysReAllocStringLen (in: pbstr=0x73fd6c*=0x0, psz="C:\\Users\\Public\\Documents", len=0x19 | out: pbstr=0x73fd6c*="C:\\Users\\Public\\Documents") returned 1 [0260.276] SysReAllocStringLen (in: pbstr=0x73fd70*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x73fd70*="C:\\Users\\Public\\Documents\\") returned 1 [0260.276] GetThreadLocale () returned 0x409 [0260.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.276] GetThreadLocale () returned 0x409 [0260.276] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\Public\\Documents\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.276] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x73fa78*=0x0) returned 0x1a [0260.276] SysReAllocStringLen (in: pbstr=0x73fd70*="C:\\Users\\Public\\Documents\\", psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x73fd70*="C:\\Users\\Public\\Documents\\") returned 1 [0260.276] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\Public\\Documents\\", len=0x1a | out: pbstr=0x73fca8*="C:\\Users\\Public\\Documents\\") returned 1 [0260.276] CharLowerBuffW (in: lpsz="C:\\Users\\Public\\Documents\\", cchLength=0x1a | out: lpsz="c:\\users\\public\\documents\\") returned 0x1a [0260.276] SysReAllocStringLen (in: pbstr=0x73fd70*="C:\\Users\\Public\\Documents\\", psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0x73fd70*="c:\\users\\public\\documents\\") returned 1 [0260.276] SysReAllocStringLen (in: pbstr=0x252279c*=0x0, psz="c:\\users\\public\\documents\\", len=0x1a | out: pbstr=0x252279c*="c:\\users\\public\\documents\\") returned 1 [0260.276] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0260.280] SysReAllocStringLen (in: pbstr=0x73fd60*=0x0, psz="C:\\Program Files (x86)", len=0x16 | out: pbstr=0x73fd60*="C:\\Program Files (x86)") returned 1 [0260.280] SysReAllocStringLen (in: pbstr=0x73fd64*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x73fd64*="C:\\Program Files (x86)\\") returned 1 [0260.280] GetThreadLocale () returned 0x409 [0260.280] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.281] GetThreadLocale () returned 0x409 [0260.281] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.281] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Program Files (x86)\\", lpFilePart=0x73fa78*=0x0) returned 0x17 [0260.281] SysReAllocStringLen (in: pbstr=0x73fd64*="C:\\Program Files (x86)\\", psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x73fd64*="C:\\Program Files (x86)\\") returned 1 [0260.281] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Program Files (x86)\\", len=0x17 | out: pbstr=0x73fca8*="C:\\Program Files (x86)\\") returned 1 [0260.281] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\", cchLength=0x17 | out: lpsz="c:\\program files (x86)\\") returned 0x17 [0260.281] SysReAllocStringLen (in: pbstr=0x73fd64*="C:\\Program Files (x86)\\", psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0x73fd64*="c:\\program files (x86)\\") returned 1 [0260.281] SysReAllocStringLen (in: pbstr=0x25227a0*=0x0, psz="c:\\program files (x86)\\", len=0x17 | out: pbstr=0x25227a0*="c:\\program files (x86)\\") returned 1 [0260.281] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\ProgramData") returned 0x0 [0260.337] SysReAllocStringLen (in: pbstr=0x73fd54*=0x0, psz="C:\\ProgramData", len=0xe | out: pbstr=0x73fd54*="C:\\ProgramData") returned 1 [0260.337] SysReAllocStringLen (in: pbstr=0x73fd58*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x73fd58*="C:\\ProgramData\\") returned 1 [0260.337] GetThreadLocale () returned 0x409 [0260.337] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.337] GetThreadLocale () returned 0x409 [0260.337] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\ProgramData\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.337] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\ProgramData\\", lpFilePart=0x73fa78*=0x0) returned 0xf [0260.337] SysReAllocStringLen (in: pbstr=0x73fd58*="C:\\ProgramData\\", psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x73fd58*="C:\\ProgramData\\") returned 1 [0260.337] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\ProgramData\\", len=0xf | out: pbstr=0x73fca8*="C:\\ProgramData\\") returned 1 [0260.337] CharLowerBuffW (in: lpsz="C:\\ProgramData\\", cchLength=0xf | out: lpsz="c:\\programdata\\") returned 0xf [0260.337] SysReAllocStringLen (in: pbstr=0x73fd58*="C:\\ProgramData\\", psz="c:\\programdata\\", len=0xf | out: pbstr=0x73fd58*="c:\\programdata\\") returned 1 [0260.337] SysReAllocStringLen (in: pbstr=0x25227a4*=0x0, psz="c:\\programdata\\", len=0xf | out: pbstr=0x25227a4*="c:\\programdata\\") returned 1 [0260.337] SHGetFolderPathW (in: hwnd=0x0, csidl=43, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Program Files (x86)\\Common Files") returned 0x0 [0260.340] SysReAllocStringLen (in: pbstr=0x73fd48*=0x0, psz="C:\\Program Files (x86)\\Common Files", len=0x23 | out: pbstr=0x73fd48*="C:\\Program Files (x86)\\Common Files") returned 1 [0260.340] SysReAllocStringLen (in: pbstr=0x73fd4c*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x73fd4c*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0260.340] GetThreadLocale () returned 0x409 [0260.340] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.340] GetThreadLocale () returned 0x409 [0260.340] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Program Files (x86)\\Common Files\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.340] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\", lpFilePart=0x73fa78*=0x0) returned 0x24 [0260.340] SysReAllocStringLen (in: pbstr=0x73fd4c*="C:\\Program Files (x86)\\Common Files\\", psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x73fd4c*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0260.340] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Program Files (x86)\\Common Files\\", len=0x24 | out: pbstr=0x73fca8*="C:\\Program Files (x86)\\Common Files\\") returned 1 [0260.340] CharLowerBuffW (in: lpsz="C:\\Program Files (x86)\\Common Files\\", cchLength=0x24 | out: lpsz="c:\\program files (x86)\\common files\\") returned 0x24 [0260.340] SysReAllocStringLen (in: pbstr=0x73fd4c*="C:\\Program Files (x86)\\Common Files\\", psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0x73fd4c*="c:\\program files (x86)\\common files\\") returned 1 [0260.340] SysReAllocStringLen (in: pbstr=0x25227a8*=0x0, psz="c:\\program files (x86)\\common files\\", len=0x24 | out: pbstr=0x25227a8*="c:\\program files (x86)\\common files\\") returned 1 [0260.340] SHGetFolderPathW (in: hwnd=0x0, csidl=39, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\Pictures") returned 0x0 [0260.343] SysReAllocStringLen (in: pbstr=0x73fd3c*=0x0, psz="C:\\Users\\OqXZRaykm\\Pictures", len=0x1b | out: pbstr=0x73fd3c*="C:\\Users\\OqXZRaykm\\Pictures") returned 1 [0260.343] SysReAllocStringLen (in: pbstr=0x73fd40*=0x0, psz="C:\\Users\\OqXZRaykm\\Pictures\\", len=0x1c | out: pbstr=0x73fd40*="C:\\Users\\OqXZRaykm\\Pictures\\") returned 1 [0260.343] GetThreadLocale () returned 0x409 [0260.343] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\Pictures\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.343] GetThreadLocale () returned 0x409 [0260.343] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\Pictures\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.343] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\Pictures\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\Pictures\\", lpFilePart=0x73fa78*=0x0) returned 0x1c [0260.343] SysReAllocStringLen (in: pbstr=0x73fd40*="C:\\Users\\OqXZRaykm\\Pictures\\", psz="C:\\Users\\OqXZRaykm\\Pictures\\", len=0x1c | out: pbstr=0x73fd40*="C:\\Users\\OqXZRaykm\\Pictures\\") returned 1 [0260.343] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\Pictures\\", len=0x1c | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\Pictures\\") returned 1 [0260.343] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\Pictures\\", cchLength=0x1c | out: lpsz="c:\\users\\oqxzraykm\\pictures\\") returned 0x1c [0260.343] SysReAllocStringLen (in: pbstr=0x73fd40*="C:\\Users\\OqXZRaykm\\Pictures\\", psz="c:\\users\\oqxzraykm\\pictures\\", len=0x1c | out: pbstr=0x73fd40*="c:\\users\\oqxzraykm\\pictures\\") returned 1 [0260.343] SysReAllocStringLen (in: pbstr=0x25227ac*=0x0, psz="c:\\users\\oqxzraykm\\pictures\\", len=0x1c | out: pbstr=0x25227ac*="c:\\users\\oqxzraykm\\pictures\\") returned 1 [0260.343] SHGetFolderPathW (in: hwnd=0x0, csidl=34, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History") returned 0x0 [0260.346] SysReAllocStringLen (in: pbstr=0x73fd30*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History", len=0x3a | out: pbstr=0x73fd30*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History") returned 1 [0260.346] SysReAllocStringLen (in: pbstr=0x73fd34*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x3b | out: pbstr=0x73fd34*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0260.346] GetThreadLocale () returned 0x409 [0260.346] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.346] GetThreadLocale () returned 0x409 [0260.346] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.346] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", lpFilePart=0x73fa78*=0x0) returned 0x3b [0260.347] SysReAllocStringLen (in: pbstr=0x73fd34*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x3b | out: pbstr=0x73fd34*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0260.347] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", len=0x3b | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\") returned 1 [0260.347] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", cchLength=0x3b | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\history\\") returned 0x3b [0260.347] SysReAllocStringLen (in: pbstr=0x73fd34*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\History\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\history\\", len=0x3b | out: pbstr=0x73fd34*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0260.347] SysReAllocStringLen (in: pbstr=0x25227b0*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\history\\", len=0x3b | out: pbstr=0x25227b0*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\history\\") returned 1 [0260.347] SHGetFolderPathW (in: hwnd=0x0, csidl=33, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies") returned 0x0 [0260.350] SysReAllocStringLen (in: pbstr=0x73fd24*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies", len=0x3e | out: pbstr=0x73fd24*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies") returned 1 [0260.350] SysReAllocStringLen (in: pbstr=0x73fd28*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", len=0x3f | out: pbstr=0x73fd28*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\") returned 1 [0260.351] GetThreadLocale () returned 0x409 [0260.351] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.351] GetThreadLocale () returned 0x409 [0260.351] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.351] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", lpFilePart=0x73fa78*=0x0) returned 0x3f [0260.351] SysReAllocStringLen (in: pbstr=0x73fd28*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", len=0x3f | out: pbstr=0x73fd28*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\") returned 1 [0260.351] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", len=0x3f | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\") returned 1 [0260.351] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", cchLength=0x3f | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcookies\\") returned 0x3f [0260.351] SysReAllocStringLen (in: pbstr=0x73fd28*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcookies\\", len=0x3f | out: pbstr=0x73fd28*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcookies\\") returned 1 [0260.351] SysReAllocStringLen (in: pbstr=0x25227b4*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcookies\\", len=0x3f | out: pbstr=0x25227b4*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcookies\\") returned 1 [0260.351] SHGetFolderPathW (in: hwnd=0x0, csidl=32, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache") returned 0x0 [0260.354] SysReAllocStringLen (in: pbstr=0x73fd18*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache", len=0x3c | out: pbstr=0x73fd18*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache") returned 1 [0260.354] SysReAllocStringLen (in: pbstr=0x73fd1c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", len=0x3d | out: pbstr=0x73fd1c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\") returned 1 [0260.354] GetThreadLocale () returned 0x409 [0260.354] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.354] GetThreadLocale () returned 0x409 [0260.354] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", lpFilePart=0x73fa78*=0x0) returned 0x3d [0260.355] SysReAllocStringLen (in: pbstr=0x73fd1c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", len=0x3d | out: pbstr=0x73fd1c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\") returned 1 [0260.355] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", len=0x3d | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\") returned 1 [0260.355] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", cchLength=0x3d | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcache\\") returned 0x3d [0260.355] SysReAllocStringLen (in: pbstr=0x73fd1c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\Windows\\INetCache\\", psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcache\\", len=0x3d | out: pbstr=0x73fd1c*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcache\\") returned 1 [0260.355] SysReAllocStringLen (in: pbstr=0x25227b8*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcache\\", len=0x3d | out: pbstr=0x25227b8*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\windows\\inetcache\\") returned 1 [0260.355] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x2531d8c | out: pszPath="C:\\Users\\OqXZRaykm\\AppData\\Roaming") returned 0x0 [0260.358] SysReAllocStringLen (in: pbstr=0x73fd0c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Roaming", len=0x22 | out: pbstr=0x73fd0c*="C:\\Users\\OqXZRaykm\\AppData\\Roaming") returned 1 [0260.358] SysReAllocStringLen (in: pbstr=0x73fd10*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", len=0x23 | out: pbstr=0x73fd10*="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\") returned 1 [0260.358] GetThreadLocale () returned 0x409 [0260.358] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0260.358] GetThreadLocale () returned 0x409 [0260.358] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0260.358] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", nBufferLength=0x104, lpBuffer=0x73fa7c, lpFilePart=0x73fa78 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", lpFilePart=0x73fa78*=0x0) returned 0x23 [0260.358] SysReAllocStringLen (in: pbstr=0x73fd10*="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", psz="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", len=0x23 | out: pbstr=0x73fd10*="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\") returned 1 [0260.358] SysReAllocStringLen (in: pbstr=0x73fca8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", len=0x23 | out: pbstr=0x73fca8*="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\") returned 1 [0260.358] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", cchLength=0x23 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\roaming\\") returned 0x23 [0260.358] SysReAllocStringLen (in: pbstr=0x73fd10*="C:\\Users\\OqXZRaykm\\AppData\\Roaming\\", psz="c:\\users\\oqxzraykm\\appdata\\roaming\\", len=0x23 | out: pbstr=0x73fd10*="c:\\users\\oqxzraykm\\appdata\\roaming\\") returned 1 [0260.358] SysReAllocStringLen (in: pbstr=0x25227bc*=0x0, psz="c:\\users\\oqxzraykm\\appdata\\roaming\\", len=0x23 | out: pbstr=0x25227bc*="c:\\users\\oqxzraykm\\appdata\\roaming\\") returned 1 [0260.358] VirtualFree (lpAddress=0x2534000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0260.412] GetVersion () returned 0x23f00206 [0260.412] GetCurrentProcessId () returned 0x1428 [0260.412] GetCurrentProcess () returned 0xffffffff [0260.412] GetCommandLineA () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0260.412] GetCommandLineA () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0260.412] GetCommandLineW () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0260.413] GetCommandLineW () returned="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" " [0260.413] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0260.413] RtlDosPathNameToNtPathName_U (in: DosPathName="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", NtPathName=0x73fcc0, NtFileNamePart=0x0, DirectoryInfo=0x0 | out: NtPathName="\\??\\c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", NtFileNamePart=0x0, DirectoryInfo=0x0) returned 1 [0260.413] NtCreateFile (in: FileHandle=0x73fcd0, DesiredAccess=0x80100080, ObjectAttributes=0x73fca4*(Length=0x18, RootDirectory=0x0, ObjectName="\\??\\c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), IoStatusBlock=0x73fcc8, AllocationSize=0x0, FileAttributes=0x80, ShareAccess=0x1, CreateDisposition=0x1, CreateOptions=0x60, EaBuffer=0x0, EaLength=0x0 | out: FileHandle=0x73fcd0*=0x25c, IoStatusBlock=0x73fcc8*(Status=0x0, Pointer=0x0, Information=0x1)) returned 0x0 [0260.414] RtlFreeAnsiString (AnsiString="\\") [0260.437] NtSetInformationFile (FileHandle=0x25c, IoStatusBlock=0x73fccc, FileInformation=0x73fcc4, Length=0x8, FileInformationClass=0xe) returned 0x0 [0260.460] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fed8, BufferLength=0x40, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fed8*) returned 0x0 [0260.461] NtSetInformationFile (FileHandle=0x25c, IoStatusBlock=0x73fccc, FileInformation=0x73fcc4, Length=0x8, FileInformationClass=0xe) returned 0x0 [0260.461] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fec4, BufferLength=0x14, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fec4*) returned 0x0 [0260.461] NtSetInformationFile (FileHandle=0x25c, IoStatusBlock=0x73fccc, FileInformation=0x73fcc4, Length=0x8, FileInformationClass=0xe) returned 0x0 [0260.461] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fde4, BufferLength=0xe0, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fde4*) returned 0x0 [0260.461] NtSetInformationFile (FileHandle=0x25c, IoStatusBlock=0x73fccc, FileInformation=0x73fcc4, Length=0x8, FileInformationClass=0xe) returned 0x0 [0260.462] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fdbc, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fdbc*) returned 0x0 [0260.462] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fdbc, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fdbc*) returned 0x0 [0260.462] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fdbc, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fdbc*) returned 0x0 [0260.462] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fdbc, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fdbc*) returned 0x0 [0260.462] NtReadFile (in: FileHandle=0x25c, Event=0x0, UserApcRoutine=0x0, UserApcContext=0x0, IoStatusBlock=0x73fcc8, Buffer=0x73fdbc, BufferLength=0x28, ByteOffset=0x0, Key=0x0 | out: IoStatusBlock=0x73fcc8, Buffer=0x73fdbc*) returned 0x0 [0260.478] NtClose (Handle=0x25c) returned 0x0 [0260.479] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0260.479] GetProcAddress (hModule=0x75ce0000, lpProcName="GetVersionExA") returned 0x75d016c0 [0260.479] GetVersionExA (in: lpVersionInformation=0x73fc44*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x92a850, dwMinorVersion=0x73fc70, dwBuildNumber=0x76cbec77, dwPlatformId=0x77a1fec4, szCSDVersion="P¨\x92") | out: lpVersionInformation=0x73fc44*(dwOSVersionInfoSize=0x94, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0260.705] GetCurrentThreadId () returned 0xfe0 [0260.705] VirtualAlloc (lpAddress=0x2534000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x40) returned 0x2534000 [0260.711] GetTickCount () returned 0x19d2409 [0260.711] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722846406893) returned 1 [0260.711] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722846413886) returned 1 [0260.711] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722846420685) returned 1 [0260.711] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722846427025) returned 1 [0260.711] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722846434438) returned 1 [0260.711] Sleep (dwMilliseconds=0x0) [0260.758] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722851104067) returned 1 [0260.758] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722851111875) returned 1 [0260.758] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722851118286) returned 1 [0260.758] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722851124927) returned 1 [0260.758] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722851131753) returned 1 [0260.758] Sleep (dwMilliseconds=0x0) [0260.804] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722855662464) returned 1 [0260.804] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722855669958) returned 1 [0260.804] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722855676363) returned 1 [0260.804] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722855682811) returned 1 [0260.804] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722855689767) returned 1 [0260.804] Sleep (dwMilliseconds=0x0) [0260.845] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722859815308) returned 1 [0260.845] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722859823225) returned 1 [0260.845] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722859829640) returned 1 [0260.845] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722859835905) returned 1 [0260.845] QueryPerformanceCounter (in: lpPerformanceCount=0x73fe90 | out: lpPerformanceCount=0x73fe90*=2722859842841) returned 1 [0260.845] Sleep (dwMilliseconds=0x0) [0261.038] GetTickCount () returned 0x19d2551 [0261.038] VirtualFree (lpAddress=0x2554000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0261.315] VirtualAlloc (lpAddress=0x2554000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2554000 [0261.386] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73ee14, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.387] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.387] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.388] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.389] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.389] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.390] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73ee14, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.390] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.390] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73ee14, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.390] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.391] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73ee14, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.391] RtlUnwind (TargetFrame=0x73fec4, TargetIp=0x47944, ExceptionRecord=0x73f354, ReturnValue=0x0) [0261.655] VirtualAlloc (lpAddress=0x2564000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0261.750] VirtualFree (lpAddress=0x2564000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0261.821] GetCurrentThreadId () returned 0xfe0 [0261.821] GetCurrentThreadId () returned 0xfe0 [0261.821] GetCurrentThreadId () returned 0xfe0 [0261.821] GetCurrentThreadId () returned 0xfe0 [0261.821] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] GetCurrentThreadId () returned 0xfe0 [0261.822] VirtualFree (lpAddress=0x2554000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0261.864] GetLocalTime (in: lpSystemTime=0x73fe8c | out: lpSystemTime=0x73fe8c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2d, wMilliseconds=0x2b4)) [0261.864] GetTimeZoneInformation (in: lpTimeZoneInformation=0x73fddc | out: lpTimeZoneInformation=0x73fddc) returned 0x2 [0261.871] GetLocalTime (in: lpSystemTime=0x73fe8c | out: lpSystemTime=0x73fe8c*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2d, wMilliseconds=0x2be)) [0261.871] GetTimeZoneInformation (in: lpTimeZoneInformation=0x73fddc | out: lpTimeZoneInformation=0x73fddc) returned 0x2 [0261.871] GetTickCount () returned 0x19d288e [0261.871] GetTickCount () returned 0x19d288e [0261.875] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.875] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.876] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.876] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.876] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.877] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.877] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.877] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.877] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.878] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.878] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0261.878] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0261.878] GetModuleFileNameW (in: hModule=0x20000, lpFilename=0x921504, nSize=0x104 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0261.878] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73f9f0, lpFilePart=0x73f9ec | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73f9ec*="gesf.exe") returned 0x35 [0261.879] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), lpFindFileData=0x73fc48 | out: lpFindFileData=0x73fc48*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d805560, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00, dwReserved0=0x0, dwReserved1=0x0, cFileName="gesf.exe", cAlternateFileName="")) returned 0x91da70 [0261.879] FileTimeToLocalFileTime (in: lpFileTime=0x73fc5c, lpLocalFileTime=0x73fbe4 | out: lpLocalFileTime=0x73fbe4) returned 1 [0261.879] FileTimeToDosDateTime (in: lpFileTime=0x73fbe4, lpFatDate=0x73fc2a, lpFatTime=0x73fc28 | out: lpFatDate=0x73fc2a, lpFatTime=0x73fc28) returned 1 [0261.879] SysReAllocStringLen (in: pbstr=0x73fc20*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73fc20*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0261.879] SysReAllocStringLen (in: pbstr=0x73fc18*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73fc18*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0261.879] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchLength=0x35 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 0x35 [0261.879] SysReAllocStringLen (in: pbstr=0x73ff04*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x35 | out: pbstr=0x73ff04*="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0261.879] SysReAllocStringLen (in: pbstr=0x18057c*=0x0, psz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x35 | out: pbstr=0x18057c*="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0261.906] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0261.931] GetProcAddress (hModule=0x77d40000, lpProcName="NtSetInformationThread") returned 0x77db1160 [0261.931] GetCurrentThread () returned 0xfffffffe [0261.931] NtSetInformationThread (ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0x0) returned 0x0 [0261.941] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.941] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.941] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.941] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0261.941] GetUserNameA (in: lpBuffer=0x18033c, pcbBuffer=0x180338 | out: lpBuffer="OqXZRaykm", pcbBuffer=0x180338) returned 1 [0261.959] GetComputerNameA (in: lpBuffer=0x180450, nSize=0x18044c | out: lpBuffer="PXTHFFRYO7", nSize=0x18044c) returned 1 [0261.960] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="Software\\Enigma Protector\\%.8x%.8x-%.8x%.8x", cbMultiByte=43, lpWideCharStr=0x73ee88, cchWideChar=2047 | out: lpWideCharStr="Software\\Enigma Protector\\%.8x%.8x-%.8x%.8x") returned 43 [0261.960] SysReAllocStringLen (in: pbstr=0x2531d78*=0x0, psz="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E", len=0x3b | out: pbstr=0x2531d78*="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E") returned 1 [0261.960] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.960] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.960] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0261.961] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0261.989] GetWindowsDirectoryA (in: lpBuffer=0x73fd43, uSize=0x105 | out: lpBuffer="C:\\Windows") returned 0xa [0261.990] CreateFileA (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x0, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x280 [0261.990] DeviceIoControl (in: hDevice=0x280, dwIoControlCode=0x2d1400, lpInBuffer=0x73fe48*, nInBufferSize=0xc, lpOutBuffer=0x2560114, nOutBufferSize=0x2710, lpBytesReturned=0x73fe58, lpOverlapped=0x0 | out: lpInBuffer=0x73fe48*, lpOutBuffer=0x2560114*, lpBytesReturned=0x73fe58*=0x18c, lpOverlapped=0x0) returned 1 [0261.991] CloseHandle (hObject=0x280) returned 1 [0262.044] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.044] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.045] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.045] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.045] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.046] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.046] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.072] GetCurrentProcessId () returned 0x1428 [0262.072] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateToolhelp32Snapshot") returned 0x75d04080 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="Heap32ListFirst") returned 0x75d3a2c0 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="Heap32ListNext") returned 0x75d3a370 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="Heap32First") returned 0x75d3a080 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="Heap32Next") returned 0x75d3a410 [0262.073] GetProcAddress (hModule=0x75ce0000, lpProcName="Toolhelp32ReadProcessMemory") returned 0x75d15320 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Process32First") returned 0x75cf9140 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Process32Next") returned 0x75cf78b0 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Process32FirstW") returned 0x75d01b60 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Process32NextW") returned 0x75d006e0 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Thread32First") returned 0x75d3a9d0 [0262.074] GetProcAddress (hModule=0x75ce0000, lpProcName="Thread32Next") returned 0x75d3aa80 [0262.075] GetProcAddress (hModule=0x75ce0000, lpProcName="Module32First") returned 0x75d3a660 [0262.075] GetProcAddress (hModule=0x75ce0000, lpProcName="Module32Next") returned 0x75d3a800 [0262.075] GetProcAddress (hModule=0x75ce0000, lpProcName="Module32FirstW") returned 0x75d3a750 [0262.075] GetProcAddress (hModule=0x75ce0000, lpProcName="Module32NextW") returned 0x75d3a8f0 [0262.075] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x1428) returned 0x284 [0262.080] Module32First (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.081] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.081] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.082] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.083] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.084] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.086] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.087] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.088] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.088] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.089] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.090] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.091] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.092] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.093] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.093] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.094] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.095] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.096] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.097] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.097] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.098] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.099] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.101] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.101] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.102] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.103] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.104] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.105] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.106] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.106] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 1 [0262.107] Module32Next (hSnapshot=0x284, lpme=0x73fc68) returned 0 [0262.108] CloseHandle (hObject=0x284) returned 1 [0262.134] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.134] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.135] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.135] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0262.188] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.188] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.188] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0262.188] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0262.267] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="SOFTWARE\\EnigmaDevelopers", cchWideChar=25, lpMultiByteStr=0x73edc8, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SOFTWARE\\EnigmaDevelopersòs", lpUsedDefaultChar=0x0) returned 25 [0262.267] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="SOFTWARE\\EnigmaDevelopers", ulOptions=0x0, samDesired=0x20019, phkResult=0x73fdcc | out: phkResult=0x73fdcc*=0x0) returned 0x2 [0262.297] GetLocalTime (in: lpSystemTime=0x73fdec | out: lpSystemTime=0x73fdec*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0x80)) [0262.297] GetLocalTime (in: lpSystemTime=0x73fdec | out: lpSystemTime=0x73fdec*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0x80)) [0262.297] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="80EB2F5C", cbMultiByte=8, lpWideCharStr=0x73edf8, cchWideChar=2047 | out: lpWideCharStr="80EB2F5C䕁㑂ぁ㘳㜵㔵㙆䈭㘸䌲䕁㠹䔴㑁い居㈰う䘱㔵䄳ㄱ䐲䕃〭䌰䐹㍂䌸㠱㕄䑆쀱s") returned 8 [0262.366] GetLocalTime (in: lpSystemTime=0x73fd48 | out: lpSystemTime=0x73fd48*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0xca)) [0262.367] GetLocalTime (in: lpSystemTime=0x73fd48 | out: lpSystemTime=0x73fd48*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0xca)) [0262.367] GetLocalTime (in: lpSystemTime=0x73fd48 | out: lpSystemTime=0x73fd48*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0xca)) [0262.367] RegOpenKeyExA (in: hKey=0x80000001, lpSubKey="Software\\Enigma Protector\\29AEB4A0365755F6-B862CAE984EA4D0E\\02F01F553A112DCE-00C9DB38C18D5FD1", ulOptions=0x0, samDesired=0x20019, phkResult=0x73fd04 | out: phkResult=0x73fd04*=0x0) returned 0x2 [0262.367] CreateFileW (lpFileName="c:\\users\\oqxzraykm\\appdata\\local\\temp\\80EB2F5C" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\80eb2f5c"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0262.368] GetLocalTime (in: lpSystemTime=0x73fd44 | out: lpSystemTime=0x73fd44*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0xca)) [0262.368] GetLocalTime (in: lpSystemTime=0x73fe74 | out: lpSystemTime=0x73fe74*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2e, wMilliseconds=0xca)) [0262.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x109a80, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x73fe98 | out: lpThreadId=0x73fe98*=0x1078) returned 0x284 [0262.459] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.459] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.467] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.467] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.467] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.468] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.468] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.468] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.469] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.469] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.469] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.470] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0262.470] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0262.470] GetCurrentProcessId () returned 0x1428 [0262.470] CreateToolhelp32Snapshot (dwFlags=0x8, th32ProcessID=0x1428) returned 0x288 [0262.474] Module32First (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.476] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.477] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.477] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.477] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.478] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.478] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.478] GetModuleFileNameA (in: hModule=0x75ce0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNEL32.DLL" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0262.482] GetCurrentProcess () returned 0xffffffff [0262.482] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72ee0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.482] GetCurrentProcess () returned 0xffffffff [0262.482] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72ee0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.482] GetCurrentProcess () returned 0xffffffff [0262.482] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fd4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.483] GetCurrentProcess () returned 0xffffffff [0262.483] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fd4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.483] GetCurrentProcess () returned 0xffffffff [0262.483] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fd8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.484] GetCurrentProcess () returned 0xffffffff [0262.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fd8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.484] GetCurrentProcess () returned 0xffffffff [0262.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fe8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.484] GetCurrentProcess () returned 0xffffffff [0262.484] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72fe8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.485] GetCurrentProcess () returned 0xffffffff [0262.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72ff4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.485] GetCurrentProcess () returned 0xffffffff [0262.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d72ff4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.485] GetCurrentProcess () returned 0xffffffff [0262.485] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73374, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.486] GetCurrentProcess () returned 0xffffffff [0262.486] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73374, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.486] GetCurrentProcess () returned 0xffffffff [0262.486] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73384, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.487] GetCurrentProcess () returned 0xffffffff [0262.487] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73384, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.487] GetCurrentProcess () returned 0xffffffff [0262.487] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73420, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.487] GetCurrentProcess () returned 0xffffffff [0262.488] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73420, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.488] GetCurrentProcess () returned 0xffffffff [0262.488] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73424, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.488] GetCurrentProcess () returned 0xffffffff [0262.488] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73424, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.489] GetCurrentProcess () returned 0xffffffff [0262.489] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73524, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.489] GetCurrentProcess () returned 0xffffffff [0262.489] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73524, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.489] GetCurrentProcess () returned 0xffffffff [0262.489] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73528, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.490] GetCurrentProcess () returned 0xffffffff [0262.490] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73528, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.490] GetCurrentProcess () returned 0xffffffff [0262.490] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d735f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.491] GetCurrentProcess () returned 0xffffffff [0262.491] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d735f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.492] GetCurrentProcess () returned 0xffffffff [0262.492] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d7369c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.492] GetCurrentProcess () returned 0xffffffff [0262.492] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d7369c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.492] GetCurrentProcess () returned 0xffffffff [0262.492] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d736a8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.493] GetCurrentProcess () returned 0xffffffff [0262.493] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d736a8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.493] GetCurrentProcess () returned 0xffffffff [0262.493] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73780, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.494] GetCurrentProcess () returned 0xffffffff [0262.494] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73780, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.494] GetCurrentProcess () returned 0xffffffff [0262.494] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d7392c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.494] GetCurrentProcess () returned 0xffffffff [0262.494] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d7392c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.495] GetCurrentProcess () returned 0xffffffff [0262.495] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bcc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.495] GetCurrentProcess () returned 0xffffffff [0262.495] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bcc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.495] GetCurrentProcess () returned 0xffffffff [0262.495] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.496] GetCurrentProcess () returned 0xffffffff [0262.496] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.496] GetCurrentProcess () returned 0xffffffff [0262.496] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.497] GetCurrentProcess () returned 0xffffffff [0262.497] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.497] GetCurrentProcess () returned 0xffffffff [0262.497] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.497] GetCurrentProcess () returned 0xffffffff [0262.497] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73bd8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.498] GetCurrentProcess () returned 0xffffffff [0262.498] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c34, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.498] GetCurrentProcess () returned 0xffffffff [0262.498] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c34, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.498] GetCurrentProcess () returned 0xffffffff [0262.498] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c40, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.499] GetCurrentProcess () returned 0xffffffff [0262.499] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c40, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.499] GetCurrentProcess () returned 0xffffffff [0262.499] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c44, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.500] GetCurrentProcess () returned 0xffffffff [0262.500] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73c44, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.500] GetCurrentProcess () returned 0xffffffff [0262.500] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73e8c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.500] GetCurrentProcess () returned 0xffffffff [0262.500] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d73e8c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d73000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.501] GetCurrentProcess () returned 0xffffffff [0262.501] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d74148, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d74000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.501] GetCurrentProcess () returned 0xffffffff [0262.501] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d74148, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d74000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.502] GetCurrentProcess () returned 0xffffffff [0262.502] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d74384, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d74000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.502] GetCurrentProcess () returned 0xffffffff [0262.502] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75d74384, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75d74000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.502] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.503] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.503] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.503] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0262.504] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.505] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.505] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.805] GetModuleFileNameA (in: hModule=0x75b80000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0262.805] GetCurrentProcess () returned 0xffffffff [0262.805] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75bff10c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75bff000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.806] GetCurrentProcess () returned 0xffffffff [0262.806] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75bff10c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75bff000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.806] GetCurrentProcess () returned 0xffffffff [0262.806] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75bff114, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75bff000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.806] GetCurrentProcess () returned 0xffffffff [0262.806] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75bff114, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75bff000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.807] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.808] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.808] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.808] GetModuleFileNameA (in: hModule=0x769d0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0262.808] GetCurrentProcess () returned 0xffffffff [0262.808] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76a723d4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76a72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.809] GetCurrentProcess () returned 0xffffffff [0262.809] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76a723d4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76a72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.809] GetCurrentProcess () returned 0xffffffff [0262.809] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76a723d8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76a72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.809] GetCurrentProcess () returned 0xffffffff [0262.809] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76a723d8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76a72000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.810] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.811] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.811] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.811] GetModuleFileNameA (in: hModule=0x77ab0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\win32u.dll" (normalized: "c:\\windows\\syswow64\\win32u.dll")) returned 0x1e [0262.811] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.812] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.812] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.812] GetModuleFileNameA (in: hModule=0x767c0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0262.812] GetCurrentProcess () returned 0xffffffff [0262.812] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767dd048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767dd000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.813] GetCurrentProcess () returned 0xffffffff [0262.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767dd048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767dd000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.813] GetCurrentProcess () returned 0xffffffff [0262.813] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767dd04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767dd000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.814] GetCurrentProcess () returned 0xffffffff [0262.814] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767dd04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767dd000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.814] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.815] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.815] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.815] GetModuleFileNameA (in: hModule=0x774a0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\gdi32full.dll" (normalized: "c:\\windows\\syswow64\\gdi32full.dll")) returned 0x21 [0262.816] GetCurrentProcess () returned 0xffffffff [0262.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7755c314, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7755c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.816] GetCurrentProcess () returned 0xffffffff [0262.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7755c314, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7755c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.816] GetCurrentProcess () returned 0xffffffff [0262.816] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7755c318, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7755c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.817] GetCurrentProcess () returned 0xffffffff [0262.817] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7755c318, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7755c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.818] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.818] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.818] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.818] GetModuleFileNameA (in: hModule=0x76740000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp_win.dll")) returned 0x21 [0262.819] GetCurrentProcess () returned 0xffffffff [0262.819] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767b20b4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767b2000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.820] GetCurrentProcess () returned 0xffffffff [0262.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767b20b4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767b2000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.820] GetCurrentProcess () returned 0xffffffff [0262.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767b20b8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767b2000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.820] GetCurrentProcess () returned 0xffffffff [0262.820] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x767b20b8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x767b2000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.821] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.821] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.821] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.821] GetModuleFileNameA (in: hModule=0x77380000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll")) returned 0x20 [0262.822] GetCurrentProcess () returned 0xffffffff [0262.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x774921a4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77492000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.822] GetCurrentProcess () returned 0xffffffff [0262.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x774921a4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77492000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.822] GetCurrentProcess () returned 0xffffffff [0262.822] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x774921dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77492000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.823] GetCurrentProcess () returned 0xffffffff [0262.823] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x774921dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77492000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.823] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.824] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.824] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.824] GetModuleFileNameA (in: hModule=0x75ff0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0262.824] GetCurrentProcess () returned 0xffffffff [0262.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c28c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.824] GetCurrentProcess () returned 0xffffffff [0262.824] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c28c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.825] GetCurrentProcess () returned 0xffffffff [0262.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c294, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.825] GetCurrentProcess () returned 0xffffffff [0262.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c294, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.825] GetCurrentProcess () returned 0xffffffff [0262.825] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c01c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.826] GetCurrentProcess () returned 0xffffffff [0262.826] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c01c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.826] GetCurrentProcess () returned 0xffffffff [0262.826] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c020, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.827] GetCurrentProcess () returned 0xffffffff [0262.827] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c020, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.827] GetCurrentProcess () returned 0xffffffff [0262.827] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c02c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.827] GetCurrentProcess () returned 0xffffffff [0262.827] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c02c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.828] GetCurrentProcess () returned 0xffffffff [0262.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c040, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.828] GetCurrentProcess () returned 0xffffffff [0262.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c040, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.828] GetCurrentProcess () returned 0xffffffff [0262.828] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.829] GetCurrentProcess () returned 0xffffffff [0262.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.829] GetCurrentProcess () returned 0xffffffff [0262.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c058, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.829] GetCurrentProcess () returned 0xffffffff [0262.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c058, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.830] GetCurrentProcess () returned 0xffffffff [0262.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c05c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.830] GetCurrentProcess () returned 0xffffffff [0262.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c05c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.830] GetCurrentProcess () returned 0xffffffff [0262.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c074, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.831] GetCurrentProcess () returned 0xffffffff [0262.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c074, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.831] GetCurrentProcess () returned 0xffffffff [0262.831] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c07c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.832] GetCurrentProcess () returned 0xffffffff [0262.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c07c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.832] GetCurrentProcess () returned 0xffffffff [0262.832] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c088, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.833] GetCurrentProcess () returned 0xffffffff [0262.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c088, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.833] GetCurrentProcess () returned 0xffffffff [0262.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c08c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.833] GetCurrentProcess () returned 0xffffffff [0262.833] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c08c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.834] GetCurrentProcess () returned 0xffffffff [0262.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.834] GetCurrentProcess () returned 0xffffffff [0262.834] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.835] GetCurrentProcess () returned 0xffffffff [0262.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0e0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.835] GetCurrentProcess () returned 0xffffffff [0262.835] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0e0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.836] GetCurrentProcess () returned 0xffffffff [0262.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0f8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.836] GetCurrentProcess () returned 0xffffffff [0262.836] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c0f8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.836] GetCurrentProcess () returned 0xffffffff [0262.837] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c124, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.885] GetCurrentProcess () returned 0xffffffff [0262.885] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c124, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.886] GetCurrentProcess () returned 0xffffffff [0262.886] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c174, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.886] GetCurrentProcess () returned 0xffffffff [0262.886] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7605c174, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7605c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.887] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.887] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.888] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.888] GetModuleFileNameA (in: hModule=0x77ad0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0262.888] GetCurrentProcess () returned 0xffffffff [0262.888] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77b88204, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77b88000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.888] GetCurrentProcess () returned 0xffffffff [0262.889] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77b88204, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77b88000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.889] GetCurrentProcess () returned 0xffffffff [0262.889] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77b88218, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77b88000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.889] GetCurrentProcess () returned 0xffffffff [0262.889] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77b88218, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77b88000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.890] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.891] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.891] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.891] GetModuleFileNameA (in: hModule=0x76c20000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0262.891] GetCurrentProcess () returned 0xffffffff [0262.891] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c8a230, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c8a000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.892] GetCurrentProcess () returned 0xffffffff [0262.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c8a230, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c8a000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.892] GetCurrentProcess () returned 0xffffffff [0262.892] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c8a248, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c8a000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.893] GetCurrentProcess () returned 0xffffffff [0262.893] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c8a248, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c8a000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.893] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.894] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.894] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.894] GetModuleFileNameA (in: hModule=0x75c20000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0262.894] GetCurrentProcess () returned 0xffffffff [0262.894] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75ccb0ec, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75ccb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.895] GetCurrentProcess () returned 0xffffffff [0262.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75ccb0ec, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75ccb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.895] GetCurrentProcess () returned 0xffffffff [0262.895] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75ccb0f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75ccb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.896] GetCurrentProcess () returned 0xffffffff [0262.896] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75ccb0f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75ccb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.896] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.897] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.897] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.897] GetModuleFileNameA (in: hModule=0x76ca0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0262.897] GetCurrentProcess () returned 0xffffffff [0262.897] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76d2f180, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76d2f000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.898] GetCurrentProcess () returned 0xffffffff [0262.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76d2f180, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76d2f000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.898] GetCurrentProcess () returned 0xffffffff [0262.898] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76d2f184, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76d2f000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.900] GetCurrentProcess () returned 0xffffffff [0262.900] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76d2f184, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76d2f000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.900] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.901] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.901] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.901] GetModuleFileNameA (in: hModule=0x777e0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0262.902] GetCurrentProcess () returned 0xffffffff [0262.902] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77a223c8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77a22000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.902] GetCurrentProcess () returned 0xffffffff [0262.902] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77a223c8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77a22000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.903] GetCurrentProcess () returned 0xffffffff [0262.903] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77a223d4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77a22000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.903] GetCurrentProcess () returned 0xffffffff [0262.903] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x77a223d4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x77a22000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.904] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.904] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.904] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.905] GetModuleFileNameA (in: hModule=0x76090000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0262.905] GetCurrentProcess () returned 0xffffffff [0262.905] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x765cea44, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x765ce000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.906] GetCurrentProcess () returned 0xffffffff [0262.906] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x765cea44, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x765ce000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.906] GetCurrentProcess () returned 0xffffffff [0262.906] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x765cea50, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x765ce000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.907] GetCurrentProcess () returned 0xffffffff [0262.907] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x765cea50, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x765ce000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.907] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.908] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.908] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.908] GetModuleFileNameA (in: hModule=0x752b0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0262.908] GetCurrentProcess () returned 0xffffffff [0262.908] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x752b50bc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x752b5000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.909] GetCurrentProcess () returned 0xffffffff [0262.909] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x752b50bc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x752b5000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.909] GetCurrentProcess () returned 0xffffffff [0262.909] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x752b50c8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x752b5000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.910] GetCurrentProcess () returned 0xffffffff [0262.910] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x752b50c8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x752b5000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.910] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0262.911] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0262.911] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0262.911] GetModuleFileNameA (in: hModule=0x700a0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0262.912] GetCurrentProcess () returned 0xffffffff [0262.912] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb010, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.967] GetCurrentProcess () returned 0xffffffff [0262.968] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb010, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.968] GetCurrentProcess () returned 0xffffffff [0262.968] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb018, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.969] GetCurrentProcess () returned 0xffffffff [0262.969] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb018, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.969] GetCurrentProcess () returned 0xffffffff [0262.969] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb03c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.970] GetCurrentProcess () returned 0xffffffff [0262.970] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb03c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.970] GetCurrentProcess () returned 0xffffffff [0262.970] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb040, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.970] GetCurrentProcess () returned 0xffffffff [0262.971] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb040, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.971] GetCurrentProcess () returned 0xffffffff [0262.971] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.971] GetCurrentProcess () returned 0xffffffff [0262.971] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb048, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.972] GetCurrentProcess () returned 0xffffffff [0262.972] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.972] GetCurrentProcess () returned 0xffffffff [0262.972] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.973] GetCurrentProcess () returned 0xffffffff [0262.973] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb050, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.973] GetCurrentProcess () returned 0xffffffff [0262.973] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb050, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.974] GetCurrentProcess () returned 0xffffffff [0262.974] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb054, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0262.974] GetCurrentProcess () returned 0xffffffff [0262.974] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb054, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0262.975] GetCurrentProcess () returned 0xffffffff [0262.975] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb06c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.025] GetCurrentProcess () returned 0xffffffff [0263.025] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb06c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.025] GetCurrentProcess () returned 0xffffffff [0263.025] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb084, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.026] GetCurrentProcess () returned 0xffffffff [0263.026] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb084, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.026] GetCurrentProcess () returned 0xffffffff [0263.026] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb08c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.026] GetCurrentProcess () returned 0xffffffff [0263.026] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb08c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.026] GetCurrentProcess () returned 0xffffffff [0263.027] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb090, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.027] GetCurrentProcess () returned 0xffffffff [0263.027] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb090, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.027] GetCurrentProcess () returned 0xffffffff [0263.027] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb0a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.028] GetCurrentProcess () returned 0xffffffff [0263.028] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb0a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.028] GetCurrentProcess () returned 0xffffffff [0263.028] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb13c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.028] GetCurrentProcess () returned 0xffffffff [0263.028] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb13c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.029] GetCurrentProcess () returned 0xffffffff [0263.029] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb154, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.029] GetCurrentProcess () returned 0xffffffff [0263.029] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb154, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.029] GetCurrentProcess () returned 0xffffffff [0263.029] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb1a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.030] GetCurrentProcess () returned 0xffffffff [0263.030] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb1a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.030] GetCurrentProcess () returned 0xffffffff [0263.030] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb1ac, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.031] GetCurrentProcess () returned 0xffffffff [0263.031] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x700eb1ac, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x700eb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.031] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.032] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.032] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.032] GetModuleFileNameA (in: hModule=0x75ec0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0263.032] GetCurrentProcess () returned 0xffffffff [0263.032] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb028, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.032] GetCurrentProcess () returned 0xffffffff [0263.033] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb028, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.033] GetCurrentProcess () returned 0xffffffff [0263.033] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb030, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.033] GetCurrentProcess () returned 0xffffffff [0263.033] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb030, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.034] GetCurrentProcess () returned 0xffffffff [0263.034] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb044, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.034] GetCurrentProcess () returned 0xffffffff [0263.034] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb044, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.035] GetCurrentProcess () returned 0xffffffff [0263.035] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.036] GetCurrentProcess () returned 0xffffffff [0263.036] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb04c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.036] GetCurrentProcess () returned 0xffffffff [0263.036] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb050, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.036] GetCurrentProcess () returned 0xffffffff [0263.037] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb050, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.037] GetCurrentProcess () returned 0xffffffff [0263.037] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb054, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.038] GetCurrentProcess () returned 0xffffffff [0263.038] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb054, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.039] GetCurrentProcess () returned 0xffffffff [0263.039] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0a4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.039] GetCurrentProcess () returned 0xffffffff [0263.039] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0a4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.039] GetCurrentProcess () returned 0xffffffff [0263.039] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0a8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.040] GetCurrentProcess () returned 0xffffffff [0263.040] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0a8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.041] GetCurrentProcess () returned 0xffffffff [0263.042] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0b8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.042] GetCurrentProcess () returned 0xffffffff [0263.042] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0b8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.042] GetCurrentProcess () returned 0xffffffff [0263.042] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0bc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.043] GetCurrentProcess () returned 0xffffffff [0263.043] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x75edb0bc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x75edb000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.043] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.045] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.045] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.045] GetModuleFileNameA (in: hModule=0x77290000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0263.045] GetCurrentProcess () returned 0xffffffff [0263.045] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d61c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.045] GetCurrentProcess () returned 0xffffffff [0263.045] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d61c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.046] GetCurrentProcess () returned 0xffffffff [0263.046] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d63c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.046] GetCurrentProcess () returned 0xffffffff [0263.046] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d63c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.047] GetCurrentProcess () returned 0xffffffff [0263.047] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d164, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.048] GetCurrentProcess () returned 0xffffffff [0263.048] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7734d164, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x7734d000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.048] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.049] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.049] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.049] GetModuleFileNameA (in: hModule=0x703e0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.1_none_92e69152510a8cb1\\comctl32.dll")) returned 0x78 [0263.049] GetCurrentProcess () returned 0xffffffff [0263.049] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045618c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.050] GetCurrentProcess () returned 0xffffffff [0263.050] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045618c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.051] GetCurrentProcess () returned 0xffffffff [0263.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456194, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.051] GetCurrentProcess () returned 0xffffffff [0263.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456194, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.051] GetCurrentProcess () returned 0xffffffff [0263.051] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045619c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.053] GetCurrentProcess () returned 0xffffffff [0263.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045619c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.053] GetCurrentProcess () returned 0xffffffff [0263.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.053] GetCurrentProcess () returned 0xffffffff [0263.053] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.054] GetCurrentProcess () returned 0xffffffff [0263.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561d0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.054] GetCurrentProcess () returned 0xffffffff [0263.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561d0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.054] GetCurrentProcess () returned 0xffffffff [0263.054] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.056] GetCurrentProcess () returned 0xffffffff [0263.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.056] GetCurrentProcess () returned 0xffffffff [0263.056] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561e0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.057] GetCurrentProcess () returned 0xffffffff [0263.057] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561e0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.057] GetCurrentProcess () returned 0xffffffff [0263.057] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561e4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.058] GetCurrentProcess () returned 0xffffffff [0263.058] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704561e4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.059] GetCurrentProcess () returned 0xffffffff [0263.059] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045621c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.059] GetCurrentProcess () returned 0xffffffff [0263.059] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045621c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.059] GetCurrentProcess () returned 0xffffffff [0263.059] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456290, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.060] GetCurrentProcess () returned 0xffffffff [0263.060] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456290, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.061] GetCurrentProcess () returned 0xffffffff [0263.061] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456294, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.061] GetCurrentProcess () returned 0xffffffff [0263.062] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456294, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.062] GetCurrentProcess () returned 0xffffffff [0263.062] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456298, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.062] GetCurrentProcess () returned 0xffffffff [0263.062] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456298, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.062] GetCurrentProcess () returned 0xffffffff [0263.062] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045629c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.064] GetCurrentProcess () returned 0xffffffff [0263.064] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x7045629c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.064] GetCurrentProcess () returned 0xffffffff [0263.064] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704562a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.064] GetCurrentProcess () returned 0xffffffff [0263.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704562a0, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.065] GetCurrentProcess () returned 0xffffffff [0263.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704562d8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.065] GetCurrentProcess () returned 0xffffffff [0263.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x704562d8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.065] GetCurrentProcess () returned 0xffffffff [0263.065] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456300, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.095] GetCurrentProcess () returned 0xffffffff [0263.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456300, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.095] GetCurrentProcess () returned 0xffffffff [0263.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456360, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.095] GetCurrentProcess () returned 0xffffffff [0263.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70456360, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70456000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.096] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.097] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.097] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.097] GetModuleFileNameA (in: hModule=0x70090000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHFolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll")) returned 0x20 [0263.097] GetCurrentProcess () returned 0xffffffff [0263.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70093024, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70093000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.098] GetCurrentProcess () returned 0xffffffff [0263.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70093024, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70093000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.098] GetCurrentProcess () returned 0xffffffff [0263.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70093028, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70093000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.098] GetCurrentProcess () returned 0xffffffff [0263.099] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x70093028, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x70093000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.099] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.099] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.100] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.100] GetModuleFileNameA (in: hModule=0x76bd0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0263.100] GetCurrentProcess () returned 0xffffffff [0263.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c0c178, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c0c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.100] GetCurrentProcess () returned 0xffffffff [0263.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c0c178, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c0c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.100] GetCurrentProcess () returned 0xffffffff [0263.100] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c0c184, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c0c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.101] GetCurrentProcess () returned 0xffffffff [0263.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x76c0c184, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x76c0c000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.101] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.102] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.102] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.102] GetModuleFileNameA (in: hModule=0x74e80000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0263.102] GetCurrentProcess () returned 0xffffffff [0263.102] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x74eea48c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x74eea000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.103] GetCurrentProcess () returned 0xffffffff [0263.103] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x74eea48c, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x74eea000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.103] GetCurrentProcess () returned 0xffffffff [0263.103] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x74eea4b4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x74eea000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.103] GetCurrentProcess () returned 0xffffffff [0263.103] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x74eea4b4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x74eea000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.104] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.104] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.104] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.104] GetModuleFileNameA (in: hModule=0x733d0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0263.104] GetCurrentProcess () returned 0xffffffff [0263.105] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73966394, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73966000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.105] GetCurrentProcess () returned 0xffffffff [0263.105] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73966394, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73966000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.105] GetCurrentProcess () returned 0xffffffff [0263.105] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x739663cc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73966000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.106] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.107] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.107] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.107] GetModuleFileNameA (in: hModule=0x733a0000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\Wldp.dll" (normalized: "c:\\windows\\syswow64\\wldp.dll")) returned 0x1c [0263.108] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.109] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.109] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.109] GetModuleFileNameA (in: hModule=0x76640000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\SHCORE.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0263.110] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.110] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.110] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.110] GetModuleFileNameA (in: hModule=0x72f20000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0263.112] GetCurrentProcess () returned 0xffffffff [0263.112] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x72f330dc, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x72f33000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.112] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 1 [0263.113] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.113] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.113] GetModuleFileNameA (in: hModule=0x73c00000, lpFilename=0x73fb1c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0263.113] GetCurrentProcess () returned 0xffffffff [0263.113] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73c1b0e8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73c1b000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.114] GetCurrentProcess () returned 0xffffffff [0263.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73c1b0e8, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73c1b000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.114] GetCurrentProcess () returned 0xffffffff [0263.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73c1b0f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x4, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73c1b000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x2) returned 0x0 [0263.115] GetCurrentProcess () returned 0xffffffff [0263.115] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fc20*=0x73c1b0f4, NumberOfBytesToProtect=0x73fc24, NewAccessProtection=0x2, OldAccessProtection=0x73fc58 | out: BaseAddress=0x73fc20*=0x73c1b000, NumberOfBytesToProtect=0x73fc24, OldAccessProtection=0x73fc58*=0x4) returned 0x0 [0263.115] Module32Next (hSnapshot=0x288, lpme=0x73fc74) returned 0 [0263.115] CloseHandle (hObject=0x288) returned 1 [0263.116] VirtualAlloc (lpAddress=0x2554000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x40) returned 0x2554000 [0263.118] VirtualFree (lpAddress=0x255c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0263.119] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="mscoree.dll", cbMultiByte=11, lpWideCharStr=0x73edec, cchWideChar=2047 | out: lpWideCharStr="mscoree.dllssss慠矜sﹼss罗矚sᓬ矛羐矚s") returned 11 [0263.119] WideCharToMultiByte (in: CodePage=0x3, dwFlags=0x0, lpWideCharStr="mscoree.dll", cchWideChar=11, lpMultiByteStr=0x73edec, cbMultiByte=4095, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mscoree.dll", lpUsedDefaultChar=0x0) returned 11 [0263.120] RtlInitString (in: DestinationString=0x73fdc4, SourceString="_CorExeMain" | out: DestinationString="_CorExeMain") [0263.120] LdrGetProcedureAddress (in: BaseAddress=0x700a0000, Name="_CorExeMain", Ordinal=0x0, ProcedureAddress=0x73fdcc | out: ProcedureAddress=0x73fdcc*=0x700b4330) returned 0x0 [0263.120] VirtualFree (lpAddress=0x2554000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0263.120] VirtualFree (lpAddress=0x2558000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0263.121] VirtualAlloc (lpAddress=0x2564000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0263.124] VirtualFree (lpAddress=0x2564000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0263.150] VirtualAlloc (lpAddress=0x2564000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0263.153] VirtualFree (lpAddress=0x2564000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0263.156] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x6000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x4000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.156] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe70, dwLength=0x1c | out: lpBuffer=0x73fe70*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.156] VirtualAlloc (lpAddress=0x2564000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0263.165] VirtualFree (lpAddress=0x2564000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0263.168] VirtualAlloc (lpAddress=0x2564000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0263.171] VirtualFree (lpAddress=0x2564000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0263.174] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.175] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0263.175] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.176] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0263.176] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.176] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0263.176] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.177] LoadStringA (in: hInstance=0x44000, uID=0xffdf, lpBuffer=0x73edcc, cchBufferMax=1024 | out: lpBuffer="External exception %x") returned 0x15 [0263.177] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.177] RtlUnwind (TargetFrame=0x73fe7c, TargetIp=0x47944, ExceptionRecord=0x73f30c, ReturnValue=0x0) [0263.177] VirtualAlloc (lpAddress=0x2564000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x40) returned 0x2564000 [0263.178] VirtualProtect (in: lpAddress=0x20000, dwSize=0x400, flNewProtect=0x4, lpflOldProtect=0x73fe88 | out: lpflOldProtect=0x73fe88*=0x2) returned 1 [0263.179] VirtualProtect (in: lpAddress=0x20000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x73fe8c | out: lpflOldProtect=0x73fe8c*=0x4) returned 1 [0263.179] VirtualProtect (in: lpAddress=0x20000, dwSize=0x400, flNewProtect=0x40, lpflOldProtect=0x73fe8c | out: lpflOldProtect=0x73fe8c*=0x2) returned 1 [0263.179] VirtualProtect (in: lpAddress=0x20000, dwSize=0x400, flNewProtect=0x2, lpflOldProtect=0x73fe8c | out: lpflOldProtect=0x73fe8c*=0x40) returned 1 [0263.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x481e0, lpParameter=0x252266c, dwCreationFlags=0x4, lpThreadId=0x2573b28 | out: lpThreadId=0x2573b28*=0x1198) returned 0x288 [0263.181] GetLocalTime (in: lpSystemTime=0x73fe64 | out: lpSystemTime=0x73fe64*(wYear=0x7e8, wMonth=0x4, wDayOfWeek=0x6, wDay=0x6, wHour=0xb, wMinute=0x28, wSecond=0x2f, wMilliseconds=0xb)) [0263.181] ResumeThread (hThread=0x288) returned 0x1 [0263.181] SetTimer (hWnd=0x0, nIDEvent=0x1, uElapse=0xced, lpTimerFunc=0x131eb8) returned 0x7f55 [0263.181] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1b000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0263.181] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.181] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0263.181] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.181] VirtualFree (lpAddress=0x2574000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0263.184] VirtualQuery (in: lpAddress=0x22000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x22000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1b000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0263.184] VirtualQuery (in: lpAddress=0x3e000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x3e000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x2000, State=0x1000, Protect=0x80, Type=0x1000000)) returned 0x1c [0263.184] VirtualQuery (in: lpAddress=0x40000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x40000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x1000000)) returned 0x1c [0263.185] VirtualQuery (in: lpAddress=0x20000, lpBuffer=0x73fe7c, dwLength=0x1c | out: lpBuffer=0x73fe7c*(BaseAddress=0x20000, AllocationBase=0x20000, AllocationProtect=0x80, RegionSize=0x1000, State=0x1000, Protect=0x2, Type=0x1000000)) returned 0x1c [0263.212] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="ADVAPI32.dll", cbMultiByte=12, lpWideCharStr=0x73eb68, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dllss쬨젾뀀\x19") returned 12 [0263.212] SysReAllocStringLen (in: pbstr=0x73fb6c*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x73fb6c*="ADVAPI32.dll") returned 1 [0263.212] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0263.212] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ff0000 [0263.212] GetLastError () returned 0x0 [0263.213] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.213] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.213] GetModuleFileNameA (in: hModule=0x75ff0000, lpFilename=0x73fa54, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0263.213] GetCurrentProcess () returned 0xffffffff [0263.213] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c28c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.213] GetCurrentProcess () returned 0xffffffff [0263.213] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c28c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.214] GetCurrentProcess () returned 0xffffffff [0263.214] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c294, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.214] GetCurrentProcess () returned 0xffffffff [0263.214] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c294, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.214] GetCurrentProcess () returned 0xffffffff [0263.214] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c01c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.215] GetCurrentProcess () returned 0xffffffff [0263.215] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c01c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.215] GetCurrentProcess () returned 0xffffffff [0263.215] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c020, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.215] GetCurrentProcess () returned 0xffffffff [0263.215] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c020, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.216] GetCurrentProcess () returned 0xffffffff [0263.216] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c02c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.216] GetCurrentProcess () returned 0xffffffff [0263.216] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c02c, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.216] GetCurrentProcess () returned 0xffffffff [0263.216] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c048, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.216] GetCurrentProcess () returned 0xffffffff [0263.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c048, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.217] GetCurrentProcess () returned 0xffffffff [0263.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c074, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.217] GetCurrentProcess () returned 0xffffffff [0263.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c074, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.217] GetCurrentProcess () returned 0xffffffff [0263.217] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0dc, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.218] GetCurrentProcess () returned 0xffffffff [0263.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0dc, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.218] GetCurrentProcess () returned 0xffffffff [0263.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0e0, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.218] GetCurrentProcess () returned 0xffffffff [0263.218] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0e0, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.219] GetCurrentProcess () returned 0xffffffff [0263.219] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0f8, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.219] GetCurrentProcess () returned 0xffffffff [0263.219] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c0f8, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.219] GetCurrentProcess () returned 0xffffffff [0263.219] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c124, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x4, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x2) returned 0x0 [0263.220] GetCurrentProcess () returned 0xffffffff [0263.220] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb58*=0x7605c124, NumberOfBytesToProtect=0x73fb5c, NewAccessProtection=0x2, OldAccessProtection=0x73fb90 | out: BaseAddress=0x73fb58*=0x7605c000, NumberOfBytesToProtect=0x73fb5c, OldAccessProtection=0x73fb90*=0x4) returned 0x0 [0263.220] SetLastError (dwErrCode=0x0) [0263.220] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyExW") returned 0x7600dea0 [0263.221] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryInfoKeyW") returned 0x7600dff0 [0263.222] GetProcAddress (hModule=0x75ff0000, lpProcName="RegEnumKeyExW") returned 0x7600dfc0 [0263.224] GetProcAddress (hModule=0x75ff0000, lpProcName="RegEnumValueW") returned 0x7600e090 [0263.225] GetProcAddress (hModule=0x75ff0000, lpProcName="RegCloseKey") returned 0x7600e010 [0263.227] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueExW") returned 0x7600ddd0 [0263.231] SysReAllocStringLen (in: pbstr=0x73fa38*=0x0, psz="mscoreei.dll", len=0xc | out: pbstr=0x73fa38*="mscoreei.dll") returned 1 [0263.231] CharLowerBuffW (in: lpsz="mscoreei.dll", cchLength=0xc | out: lpsz="mscoreei.dll") returned 0xc [0263.231] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", hFile=0x0, dwFlags=0x8) returned 0x77580000 [0263.242] SysReAllocStringLen (in: pbstr=0x73f554*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73f554*="api-ms-win-core-synch-l1-2-0") returned 1 [0263.242] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0263.242] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.242] GetLastError () returned 0x0 [0263.242] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.243] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.243] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f438, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0263.243] SetLastError (dwErrCode=0x0) [0263.243] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0263.243] SysReAllocStringLen (in: pbstr=0x73f564*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73f564*="api-ms-win-core-fibers-l1-1-1") returned 1 [0263.243] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0263.243] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.244] GetLastError () returned 0x0 [0263.244] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.244] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.244] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f448, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0263.244] SetLastError (dwErrCode=0x0) [0263.244] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0263.245] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0263.245] SysReAllocStringLen (in: pbstr=0x73f538*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73f538*="api-ms-win-core-synch-l1-2-0") returned 1 [0263.245] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0263.245] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.245] GetLastError () returned 0x0 [0263.245] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.245] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.245] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f41c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0263.246] SetLastError (dwErrCode=0x0) [0263.246] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0263.246] SysReAllocStringLen (in: pbstr=0x73f548*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73f548*="api-ms-win-core-fibers-l1-1-1") returned 1 [0263.246] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0263.247] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.247] GetLastError () returned 0x0 [0263.247] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.247] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.247] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f42c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0263.247] SetLastError (dwErrCode=0x0) [0263.247] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0263.248] GetProcAddress (hModule=0x77580000, lpProcName="FlsGetValue") returned 0x77691270 [0263.248] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0263.283] SysReAllocStringLen (in: pbstr=0x73eae8*=0x0, psz="api-ms-win-core-localization-l1-2-1", len=0x23 | out: pbstr=0x73eae8*="api-ms-win-core-localization-l1-2-1") returned 1 [0263.283] CharLowerBuffW (in: lpsz="api-ms-win-core-localization-l1-2-1", cchLength=0x23 | out: lpsz="api-ms-win-core-localization-l1-2-1") returned 0x23 [0263.283] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.284] GetLastError () returned 0x0 [0263.284] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.284] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.284] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73e9cc, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0263.284] SetLastError (dwErrCode=0x0) [0263.285] GetProcAddress (hModule=0x77580000, lpProcName="LCMapStringEx") returned 0x7768ab10 [0263.287] SysReAllocStringLen (in: pbstr=0x73f53c*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x73f53c*="KERNEL32.DLL") returned 1 [0263.287] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0263.287] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0263.290] GetProcAddress (hModule=0x75ce0000, lpProcName="AcquireSRWLockExclusive") returned 0x77d8a150 [0263.292] GetProcAddress (hModule=0x75ce0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77d8a2f0 [0263.293] SysReAllocStringLen (in: pbstr=0x73f544*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73f544*="kernel32.dll") returned 1 [0263.293] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0263.293] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.296] GetProcAddress (hModule=0x75ce0000, lpProcName="AddDllDirectory") returned 0x7772d7c0 [0263.296] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="ADVAPI32.dll", cbMultiByte=12, lpWideCharStr=0x73e51c, cchWideChar=2047 | out: lpWideCharStr="ADVAPI32.dll\x03") returned 12 [0263.296] SysReAllocStringLen (in: pbstr=0x73f520*=0x0, psz="ADVAPI32.dll", len=0xc | out: pbstr=0x73f520*="ADVAPI32.dll") returned 1 [0263.296] CharLowerBuffW (in: lpsz="ADVAPI32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0263.296] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x800) returned 0x75ff0000 [0263.296] GetLastError () returned 0x0 [0263.296] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.297] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.297] GetModuleFileNameA (in: hModule=0x75ff0000, lpFilename=0x73f408, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0263.297] GetCurrentProcess () returned 0xffffffff [0263.297] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c28c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.297] GetCurrentProcess () returned 0xffffffff [0263.297] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c28c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.297] GetCurrentProcess () returned 0xffffffff [0263.298] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c294, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.298] GetCurrentProcess () returned 0xffffffff [0263.298] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c294, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.298] GetCurrentProcess () returned 0xffffffff [0263.298] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c01c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.298] GetCurrentProcess () returned 0xffffffff [0263.298] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c01c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.299] GetCurrentProcess () returned 0xffffffff [0263.299] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c020, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.300] GetCurrentProcess () returned 0xffffffff [0263.300] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c020, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.300] GetCurrentProcess () returned 0xffffffff [0263.300] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c02c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.301] GetCurrentProcess () returned 0xffffffff [0263.301] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c02c, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.301] GetCurrentProcess () returned 0xffffffff [0263.301] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c048, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.301] GetCurrentProcess () returned 0xffffffff [0263.301] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c048, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.301] GetCurrentProcess () returned 0xffffffff [0263.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c074, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.302] GetCurrentProcess () returned 0xffffffff [0263.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c074, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.302] GetCurrentProcess () returned 0xffffffff [0263.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0dc, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.302] GetCurrentProcess () returned 0xffffffff [0263.302] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0dc, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.303] GetCurrentProcess () returned 0xffffffff [0263.303] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0e0, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.303] GetCurrentProcess () returned 0xffffffff [0263.303] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0e0, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.303] GetCurrentProcess () returned 0xffffffff [0263.303] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0f8, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.304] GetCurrentProcess () returned 0xffffffff [0263.304] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c0f8, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.304] GetCurrentProcess () returned 0xffffffff [0263.304] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c124, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x4, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x2) returned 0x0 [0263.304] GetCurrentProcess () returned 0xffffffff [0263.304] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f50c*=0x7605c124, NumberOfBytesToProtect=0x73f510, NewAccessProtection=0x2, OldAccessProtection=0x73f544 | out: BaseAddress=0x73f50c*=0x7605c000, NumberOfBytesToProtect=0x73f510, OldAccessProtection=0x73f544*=0x4) returned 0x0 [0263.305] SetLastError (dwErrCode=0x0) [0263.305] GetProcAddress (hModule=0x75ff0000, lpProcName="EventRegister") returned 0x77d8d530 [0263.306] GetProcAddress (hModule=0x77580000, lpProcName="EventSetInformation") returned 0x77d902e0 [0263.306] FreeLibrary (hLibModule=0x77580000) returned 1 [0263.306] SysReAllocStringLen (in: pbstr=0x73f62c*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x73f62c*="mscoree.dll") returned 1 [0263.306] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0263.307] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x700a0000 [0263.308] GetProcAddress (hModule=0x700a0000, lpProcName=0x8e) returned 0x700adf60 [0263.309] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyExW") returned 0x7600dea0 [0263.310] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueExW") returned 0x7600ddd0 [0263.311] GetProcAddress (hModule=0x75ff0000, lpProcName="RegCloseKey") returned 0x7600e010 [0263.312] GetLastError () returned 0xcb [0263.312] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.312] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.312] GetModuleFileNameA (in: hModule=0x70000000, lpFilename=0x73f91c, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0263.312] GetCurrentProcess () returned 0xffffffff [0263.312] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084010, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.312] GetCurrentProcess () returned 0xffffffff [0263.312] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084010, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.313] GetCurrentProcess () returned 0xffffffff [0263.313] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084014, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.313] GetCurrentProcess () returned 0xffffffff [0263.313] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084014, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.313] GetCurrentProcess () returned 0xffffffff [0263.313] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084018, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.314] GetCurrentProcess () returned 0xffffffff [0263.314] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084018, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.314] GetCurrentProcess () returned 0xffffffff [0263.314] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x7008402c, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.315] GetCurrentProcess () returned 0xffffffff [0263.315] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x7008402c, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.315] GetCurrentProcess () returned 0xffffffff [0263.315] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084048, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.316] GetCurrentProcess () returned 0xffffffff [0263.316] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084048, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.316] GetCurrentProcess () returned 0xffffffff [0263.316] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084050, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.316] GetCurrentProcess () returned 0xffffffff [0263.316] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084050, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.317] GetCurrentProcess () returned 0xffffffff [0263.317] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084074, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.317] GetCurrentProcess () returned 0xffffffff [0263.317] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084074, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.317] GetCurrentProcess () returned 0xffffffff [0263.317] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840a4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.318] GetCurrentProcess () returned 0xffffffff [0263.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840a4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.318] GetCurrentProcess () returned 0xffffffff [0263.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840a8, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.318] GetCurrentProcess () returned 0xffffffff [0263.318] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840a8, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.319] GetCurrentProcess () returned 0xffffffff [0263.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840ac, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.319] GetCurrentProcess () returned 0xffffffff [0263.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840ac, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.319] GetCurrentProcess () returned 0xffffffff [0263.319] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840b4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.320] GetCurrentProcess () returned 0xffffffff [0263.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840b4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.320] GetCurrentProcess () returned 0xffffffff [0263.320] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840c0, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.321] GetCurrentProcess () returned 0xffffffff [0263.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840c0, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.321] GetCurrentProcess () returned 0xffffffff [0263.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840d4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.321] GetCurrentProcess () returned 0xffffffff [0263.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700840d4, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.321] GetCurrentProcess () returned 0xffffffff [0263.321] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x7008414c, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.322] GetCurrentProcess () returned 0xffffffff [0263.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x7008414c, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.322] GetCurrentProcess () returned 0xffffffff [0263.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084170, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.322] GetCurrentProcess () returned 0xffffffff [0263.322] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084170, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.323] GetCurrentProcess () returned 0xffffffff [0263.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700841fc, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.323] GetCurrentProcess () returned 0xffffffff [0263.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x700841fc, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.323] GetCurrentProcess () returned 0xffffffff [0263.323] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084200, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x4, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x2) returned 0x0 [0263.324] GetCurrentProcess () returned 0xffffffff [0263.324] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fa20*=0x70084200, NumberOfBytesToProtect=0x73fa24, NewAccessProtection=0x2, OldAccessProtection=0x73fa58 | out: BaseAddress=0x73fa20*=0x70084000, NumberOfBytesToProtect=0x73fa24, OldAccessProtection=0x73fa58*=0x4) returned 0x0 [0263.324] SetLastError (dwErrCode=0xcb) [0263.324] GetProcAddress (hModule=0x70000000, lpProcName="RegisterShimImplCallback") returned 0x700014d0 [0263.324] GetProcAddress (hModule=0x70000000, lpProcName="RegisterShimImplCleanupCallback") returned 0x0 [0263.324] GetProcAddress (hModule=0x70000000, lpProcName="SetShellShimInstance") returned 0x0 [0263.325] GetProcAddress (hModule=0x70000000, lpProcName="OnShimDllMainCalled") returned 0x70009630 [0263.325] GetProcAddress (hModule=0x70000000, lpProcName=0x700a611c) returned 0x0 [0263.325] GetProcAddress (hModule=0x70000000, lpProcName="_CorExeMain") returned 0x7000fa20 [0263.328] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.328] GetLastError () returned 0x2 [0263.328] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll") returned 1 [0263.328] GetThreadLocale () returned 0x409 [0263.328] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.328] GetThreadLocale () returned 0x409 [0263.328] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.328] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", lpFilePart=0x73f08c*="clr.dll") returned 0x34 [0263.328] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0263.328] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll") returned 1 [0263.328] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 0x34 [0263.328] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll", len=0x34 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\clr.dll") returned 1 [0263.328] SetLastError (dwErrCode=0x2) [0263.329] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.329] GetLastError () returned 0x2 [0263.329] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", len=0x3a | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll") returned 1 [0263.329] GetThreadLocale () returned 0x409 [0263.329] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.329] GetThreadLocale () returned 0x409 [0263.329] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.329] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", lpFilePart=0x73f08c*="mscorwks.dll") returned 0x39 [0263.329] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.0.3705\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0263.329] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll") returned 1 [0263.329] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 0x39 [0263.329] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll", len=0x39 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v1.0.3705\\mscorwks.dll") returned 1 [0263.329] SetLastError (dwErrCode=0x2) [0263.330] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.330] GetLastError () returned 0x2 [0263.339] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll") returned 1 [0263.339] GetThreadLocale () returned 0x409 [0263.339] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.339] GetThreadLocale () returned 0x409 [0263.339] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.339] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", lpFilePart=0x73f08c*="clr.dll") returned 0x34 [0263.340] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0263.340] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll") returned 1 [0263.340] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", cchLength=0x34 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 0x34 [0263.340] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll", len=0x34 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\clr.dll") returned 1 [0263.340] SetLastError (dwErrCode=0x2) [0263.340] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.340] GetLastError () returned 0x2 [0263.340] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", len=0x3a | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll") returned 1 [0263.340] GetThreadLocale () returned 0x409 [0263.340] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.340] GetThreadLocale () returned 0x409 [0263.340] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.340] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", lpFilePart=0x73f08c*="mscorwks.dll") returned 0x39 [0263.340] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v1.1.4322\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0263.341] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll") returned 1 [0263.341] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", cchLength=0x39 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 0x39 [0263.341] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v1.1.4322\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll", len=0x39 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v1.1.4322\\mscorwks.dll") returned 1 [0263.341] SetLastError (dwErrCode=0x2) [0263.341] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.341] GetLastError () returned 0x2 [0263.341] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", len=0x36 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll") returned 1 [0263.341] GetThreadLocale () returned 0x409 [0263.341] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.341] GetThreadLocale () returned 0x409 [0263.342] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", lpFilePart=0x73f08c*="clr.dll") returned 0x35 [0263.342] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0263.342] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll") returned 1 [0263.342] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 0x35 [0263.342] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\clr.dll") returned 1 [0263.342] SetLastError (dwErrCode=0x2) [0263.342] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0xffffffff [0263.342] GetLastError () returned 0x2 [0263.342] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", len=0x3b | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll") returned 1 [0263.342] GetThreadLocale () returned 0x409 [0263.342] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.342] GetThreadLocale () returned 0x409 [0263.342] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.342] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", lpFilePart=0x73f08c*="mscorwks.dll") returned 0x3a [0263.342] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v2.0.50727\\mscorwks.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0263.343] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll") returned 1 [0263.343] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", cchLength=0x3a | out: lpsz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 0x3a [0263.343] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", psz="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", len=0x3a | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll") returned 1 [0263.343] SetLastError (dwErrCode=0x2) [0263.343] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x294 [0263.343] GetLastError () returned 0x0 [0263.343] SysReAllocStringLen (in: pbstr=0x73f30c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", len=0x36 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll") returned 1 [0263.344] GetThreadLocale () returned 0x409 [0263.344] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.344] GetThreadLocale () returned 0x409 [0263.344] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x73f090, lpFilePart=0x73f08c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x73f08c*="clr.dll") returned 0x35 [0263.344] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0263.344] SysReAllocStringLen (in: pbstr=0x73f2bc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f2bc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0263.344] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0263.344] SysReAllocStringLen (in: pbstr=0x73f30c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f30c*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0263.344] SetLastError (dwErrCode=0x0) [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] ResetEvent (hEvent=0x1f4) returned 1 [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] ResetEvent (hEvent=0x1f4) returned 1 [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] GetCurrentThreadId () returned 0xfe0 [0263.344] SetEvent (hEvent=0x1f8) returned 1 [0263.344] SetEvent (hEvent=0x1f4) returned 1 [0263.344] CloseHandle (hObject=0x294) returned 1 [0263.346] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="SHLWAPI.dll", cbMultiByte=11, lpWideCharStr=0x73e2a8, cchWideChar=2047 | out: lpWideCharStr="SHLWAPI.dlls") returned 11 [0263.347] SysReAllocStringLen (in: pbstr=0x73f2ac*=0x0, psz="SHLWAPI.dll", len=0xb | out: pbstr=0x73f2ac*="SHLWAPI.dll") returned 1 [0263.347] CharLowerBuffW (in: lpsz="SHLWAPI.dll", cchLength=0xb | out: lpsz="shlwapi.dll") returned 0xb [0263.347] LoadLibraryExA (lpLibFileName="SHLWAPI.dll", hFile=0x0, dwFlags=0x800) returned 0x76bd0000 [0263.347] GetLastError () returned 0x0 [0263.347] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.347] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.347] GetModuleFileNameA (in: hModule=0x76bd0000, lpFilename=0x73f194, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0263.347] GetCurrentProcess () returned 0xffffffff [0263.347] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f298*=0x76c0c178, NumberOfBytesToProtect=0x73f29c, NewAccessProtection=0x4, OldAccessProtection=0x73f2d0 | out: BaseAddress=0x73f298*=0x76c0c000, NumberOfBytesToProtect=0x73f29c, OldAccessProtection=0x73f2d0*=0x2) returned 0x0 [0263.348] GetCurrentProcess () returned 0xffffffff [0263.348] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f298*=0x76c0c178, NumberOfBytesToProtect=0x73f29c, NewAccessProtection=0x2, OldAccessProtection=0x73f2d0 | out: BaseAddress=0x73f298*=0x76c0c000, NumberOfBytesToProtect=0x73f29c, OldAccessProtection=0x73f2d0*=0x4) returned 0x0 [0263.348] GetCurrentProcess () returned 0xffffffff [0263.348] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f298*=0x76c0c184, NumberOfBytesToProtect=0x73f29c, NewAccessProtection=0x4, OldAccessProtection=0x73f2d0 | out: BaseAddress=0x73f298*=0x76c0c000, NumberOfBytesToProtect=0x73f29c, OldAccessProtection=0x73f2d0*=0x2) returned 0x0 [0263.348] GetCurrentProcess () returned 0xffffffff [0263.348] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f298*=0x76c0c184, NumberOfBytesToProtect=0x73f29c, NewAccessProtection=0x2, OldAccessProtection=0x73f2d0 | out: BaseAddress=0x73f298*=0x76c0c000, NumberOfBytesToProtect=0x73f29c, OldAccessProtection=0x73f2d0*=0x4) returned 0x0 [0263.349] SetLastError (dwErrCode=0x0) [0263.349] GetProcAddress (hModule=0x76bd0000, lpProcName="UrlIsW") returned 0x76be4360 [0263.349] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0263.350] GetLastError () returned 0x2 [0263.350] SysReAllocStringLen (in: pbstr=0x73f324*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0263.350] GetThreadLocale () returned 0x409 [0263.350] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.350] GetThreadLocale () returned 0x409 [0263.350] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.350] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x104, lpBuffer=0x73f0a8, lpFilePart=0x73f0a4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x73f0a4*="gesf.exe.config") returned 0x3c [0263.350] SysReAllocStringLen (in: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0263.350] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x104, lpBuffer=0x73edf0, lpFilePart=0x73edec | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x73edec*="gesf.exe.config") returned 0x3c [0263.350] SysReAllocStringLen (in: pbstr=0x73f030*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f030*="C:") returned 1 [0263.350] SysReAllocStringLen (in: pbstr=0x73efec*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73efec*="C:\\") returned 1 [0263.350] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.350] SysReAllocStringLen (in: pbstr=0x73efe8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73efe8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.351] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0263.351] SetLastError (dwErrCode=0x0) [0263.351] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0263.351] GetLastError () returned 0x0 [0263.351] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f054 | out: lpFindFileData=0x73f054*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x1, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x20015, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92af98, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="뱜\x92x")) returned 0xffffffff [0263.351] GetLastError () returned 0x2 [0263.351] SysReAllocStringLen (in: pbstr=0x73f028*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f028*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.351] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.351] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73eb38, lpFilePart=0x73eb34 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73eb34*="RarSFX1") returned 0x2c [0263.351] SysReAllocStringLen (in: pbstr=0x73ed78*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ed78*="C:") returned 1 [0263.351] SysReAllocStringLen (in: pbstr=0x73ed34*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ed34*="C:\\") returned 1 [0263.351] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.352] SysReAllocStringLen (in: pbstr=0x73ed30*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed30*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.352] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0263.352] SetLastError (dwErrCode=0x0) [0263.352] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0263.352] GetLastError () returned 0x0 [0263.352] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73ed9c | out: lpFindFileData=0x73ed9c*(dwFileAttributes=0x91e898, ftCreationTime.dwLowDateTime=0x91e8a0, ftCreationTime.dwHighDateTime=0x900000, ftLastAccessTime.dwLowDateTime=0x5000005, ftLastAccessTime.dwHighDateTime=0x5, ftLastWriteTime.dwLowDateTime=0x73ede4, ftLastWriteTime.dwHighDateTime=0x77d92f90, nFileSizeHigh=0x1, nFileSizeLow=0x91e8a0, dwReserved0=0x5, dwReserved1=0x5, cFileName="\x91", cAlternateFileName="垤\x93X")) returned 0xffffffff [0263.352] GetLastError () returned 0x2 [0263.352] SysReAllocStringLen (in: pbstr=0x73ed70*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed70*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.352] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0263.352] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73e880, lpFilePart=0x73e87c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73e87c*="Temp") returned 0x24 [0263.352] SysReAllocStringLen (in: pbstr=0x73eac0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73eac0*="C:") returned 1 [0263.352] SysReAllocStringLen (in: pbstr=0x73ea7c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ea7c*="C:\\") returned 1 [0263.352] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.352] SysReAllocStringLen (in: pbstr=0x73ea78*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ea78*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.353] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0263.353] SetLastError (dwErrCode=0x0) [0263.353] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0263.353] GetLastError () returned 0x0 [0263.353] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73eae4 | out: lpFindFileData=0x73eae4*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x3b0c68, ftLastAccessTime.dwLowDateTime=0x3b0c60, ftLastAccessTime.dwHighDateTime=0x8, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xa0000, nFileSizeHigh=0x926900, nFileSizeLow=0x926be8, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="沜\x92H")) returned 0xffffffff [0263.353] GetLastError () returned 0x2 [0263.353] SysReAllocStringLen (in: pbstr=0x73eab8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73eab8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.353] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0263.353] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e5c8, lpFilePart=0x73e5c4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e5c4*="Local") returned 0x1f [0263.353] SysReAllocStringLen (in: pbstr=0x73e808*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e808*="C:") returned 1 [0263.353] SysReAllocStringLen (in: pbstr=0x73e7c4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e7c4*="C:\\") returned 1 [0263.353] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.353] SysReAllocStringLen (in: pbstr=0x73e7c0*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e7c0*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.353] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0263.354] SetLastError (dwErrCode=0x0) [0263.354] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0263.354] GetLastError () returned 0x0 [0263.354] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e82c | out: lpFindFileData=0x73e82c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9205d0, ftLastAccessTime.dwHighDateTime=0x25, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x2d0029, nFileSizeHigh=0x935898, nFileSizeLow=0x936580, dwReserved0=0x9205c0, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="擔\x93>")) returned 0xffffffff [0263.354] GetLastError () returned 0x2 [0263.354] SysReAllocStringLen (in: pbstr=0x73e800*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e800*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.354] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0263.354] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e310, lpFilePart=0x73e30c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e30c*="AppData") returned 0x19 [0263.354] SysReAllocStringLen (in: pbstr=0x73e550*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e550*="C:") returned 1 [0263.354] SysReAllocStringLen (in: pbstr=0x73e50c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e50c*="C:\\") returned 1 [0263.354] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.354] SysReAllocStringLen (in: pbstr=0x73e508*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e508*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.354] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0263.354] SetLastError (dwErrCode=0x0) [0263.355] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0263.355] GetLastError () returned 0x0 [0263.355] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e574 | out: lpFindFileData=0x73e574*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x20015, nFileSizeHigh=0x9248e8, nFileSizeLow=0x925020, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="䮤\x922")) returned 0xffffffff [0263.355] GetLastError () returned 0x2 [0263.355] SysReAllocStringLen (in: pbstr=0x73e548*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e548*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.355] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73e7cc*="C:\\Users\\OQXZRA~1") returned 1 [0263.355] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e058, lpFilePart=0x73e054 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e054*="OQXZRA~1") returned 0x11 [0263.355] SysReAllocStringLen (in: pbstr=0x73e298*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e298*="C:") returned 1 [0263.355] SysReAllocStringLen (in: pbstr=0x73e254*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e254*="C:\\") returned 1 [0263.355] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.355] SysReAllocStringLen (in: pbstr=0x73e250*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e250*="C:\\Users\\") returned 1 [0263.355] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0263.355] SetLastError (dwErrCode=0x0) [0263.355] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0263.355] GetLastError () returned 0x0 [0263.356] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e2bc | out: lpFindFileData=0x73e2bc*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0xc, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x190016, nFileSizeHigh=0x9248e8, nFileSizeLow=0x924c78, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="羴\x92\"")) returned 0xffffffff [0263.356] GetLastError () returned 0x2 [0263.356] SysReAllocStringLen (in: pbstr=0x73e290*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e290*="C:\\Users\\") returned 1 [0263.356] SysReAllocStringLen (in: pbstr=0x73e514*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e514*="C:\\Users") returned 1 [0263.356] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73dda0, lpFilePart=0x73dd9c | out: lpBuffer="C:\\Users", lpFilePart=0x73dd9c*="Users") returned 0x8 [0263.356] SysReAllocStringLen (in: pbstr=0x73dfe0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73dfe0*="C:") returned 1 [0263.356] SysReAllocStringLen (in: pbstr=0x73df9c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73df9c*="C:\\") returned 1 [0263.356] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.356] SysReAllocStringLen (in: pbstr=0x73df98*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73df98*="C:\\") returned 1 [0263.356] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.356] SetLastError (dwErrCode=0x0) [0263.356] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0263.356] GetLastError () returned 0x0 [0263.357] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e004 | out: lpFindFileData=0x73e004*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204d0, dwReserved1=0x900000, cFileName="Users", cAlternateFileName="")) returned 0x91deb0 [0263.357] FileTimeToLocalFileTime (in: lpFileTime=0x73e018, lpLocalFileTime=0x73df88 | out: lpLocalFileTime=0x73df88) returned 1 [0263.357] FileTimeToDosDateTime (in: lpFileTime=0x73df88, lpFatDate=0x73dfe6, lpFatTime=0x73dfe4 | out: lpFatDate=0x73dfe6, lpFatTime=0x73dfe4) returned 1 [0263.357] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0263.357] SysReAllocStringLen (in: pbstr=0x73e514*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e514*="C:\\Users") returned 1 [0263.357] SysReAllocStringLen (in: pbstr=0x73e288*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e288*="C:\\Users") returned 1 [0263.357] SysReAllocStringLen (in: pbstr=0x73e514*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e514*="C:\\Users\\") returned 1 [0263.357] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e2bc | out: lpFindFileData=0x73e2bc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91d970 [0263.357] FileTimeToLocalFileTime (in: lpFileTime=0x73e2d0, lpLocalFileTime=0x73e240 | out: lpLocalFileTime=0x73e240) returned 1 [0263.357] FileTimeToDosDateTime (in: lpFileTime=0x73e240, lpFatDate=0x73e29e, lpFatTime=0x73e29c | out: lpFatDate=0x73e29e, lpFatTime=0x73e29c) returned 1 [0263.358] FindClose (in: hFindFile=0x91d970 | out: hFindFile=0x91d970) returned 1 [0263.358] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e7cc*="C:\\Users\\OqXZRaykm") returned 1 [0263.358] SysReAllocStringLen (in: pbstr=0x73e540*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e540*="C:\\Users\\OqXZRaykm") returned 1 [0263.358] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73e7cc*="C:\\Users\\OqXZRaykm\\") returned 1 [0263.358] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e574 | out: lpFindFileData=0x73e574*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="AppData", cAlternateFileName="")) returned 0x91dcb0 [0263.359] FileTimeToLocalFileTime (in: lpFileTime=0x73e588, lpLocalFileTime=0x73e4f8 | out: lpLocalFileTime=0x73e4f8) returned 1 [0263.359] FileTimeToDosDateTime (in: lpFileTime=0x73e4f8, lpFatDate=0x73e556, lpFatTime=0x73e554 | out: lpFatDate=0x73e556, lpFatTime=0x73e554) returned 1 [0263.359] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.359] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.359] SysReAllocStringLen (in: pbstr=0x73e7f8*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73e7f8*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.359] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0263.359] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73e82c | out: lpFindFileData=0x73e82c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9205c0, dwReserved1=0x900000, cFileName="Local", cAlternateFileName="")) returned 0x91dcb0 [0263.359] FileTimeToLocalFileTime (in: lpFileTime=0x73e840, lpLocalFileTime=0x73e7b0 | out: lpLocalFileTime=0x73e7b0) returned 1 [0263.359] FileTimeToDosDateTime (in: lpFileTime=0x73e7b0, lpFatDate=0x73e80e, lpFatTime=0x73e80c | out: lpFatDate=0x73e80e, lpFatTime=0x73e80c) returned 1 [0263.360] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.360] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.360] SysReAllocStringLen (in: pbstr=0x73eab0*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73eab0*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.360] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0263.360] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73eae4 | out: lpFindFileData=0x73eae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="Temp", cAlternateFileName="")) returned 0x91e030 [0263.360] FileTimeToLocalFileTime (in: lpFileTime=0x73eaf8, lpLocalFileTime=0x73ea68 | out: lpLocalFileTime=0x73ea68) returned 1 [0263.360] FileTimeToDosDateTime (in: lpFileTime=0x73ea68, lpFatDate=0x73eac6, lpFatTime=0x73eac4 | out: lpFatDate=0x73eac6, lpFatTime=0x73eac4) returned 1 [0263.360] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0263.361] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.361] SysReAllocStringLen (in: pbstr=0x73ed68*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73ed68*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.361] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0263.361] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73ed9c | out: lpFindFileData=0x73ed9c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x5, dwReserved1=0x5, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91dcb0 [0263.361] FileTimeToLocalFileTime (in: lpFileTime=0x73edb0, lpLocalFileTime=0x73ed20 | out: lpLocalFileTime=0x73ed20) returned 1 [0263.362] FileTimeToDosDateTime (in: lpFileTime=0x73ed20, lpFatDate=0x73ed7e, lpFatTime=0x73ed7c | out: lpFatDate=0x73ed7e, lpFatTime=0x73ed7c) returned 1 [0263.362] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.362] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.362] SysReAllocStringLen (in: pbstr=0x73f020*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f020*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.362] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.362] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), lpFindFileData=0x73f054 | out: lpFindFileData=0x73f054*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x1, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x20015, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92af98, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="뱜\x92x")) returned 0xffffffff [0263.363] GetLastError () returned 0x2 [0263.363] SysReAllocStringLen (in: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0263.363] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0x10 [0263.363] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73edf0, lpFilePart=0x73edec | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73edec*="RarSFX1") returned 0x2c [0263.363] SysReAllocStringLen (in: pbstr=0x73f030*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f030*="C:") returned 1 [0263.363] SysReAllocStringLen (in: pbstr=0x73efec*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73efec*="C:\\") returned 1 [0263.363] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.364] SysReAllocStringLen (in: pbstr=0x73efe8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73efe8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.364] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0263.364] SetLastError (dwErrCode=0x0) [0263.364] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0263.364] GetLastError () returned 0x0 [0263.364] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f054 | out: lpFindFileData=0x73f054*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0263.364] GetLastError () returned 0x2 [0263.364] SysReAllocStringLen (in: pbstr=0x73f028*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f028*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.364] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0263.364] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73eb38, lpFilePart=0x73eb34 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73eb34*="Temp") returned 0x24 [0263.364] SysReAllocStringLen (in: pbstr=0x73ed78*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ed78*="C:") returned 1 [0263.364] SysReAllocStringLen (in: pbstr=0x73ed34*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ed34*="C:\\") returned 1 [0263.364] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.365] SysReAllocStringLen (in: pbstr=0x73ed30*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ed30*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.365] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0263.365] SetLastError (dwErrCode=0x0) [0263.365] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0263.365] GetLastError () returned 0x0 [0263.365] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73ed9c | out: lpFindFileData=0x73ed9c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9205a8, ftLastAccessTime.dwHighDateTime=0xb, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x80011, nFileSizeHigh=0x935090, nFileSizeLow=0x935530, dwReserved0=0x920598, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="먼\x92H")) returned 0xffffffff [0263.365] GetLastError () returned 0x2 [0263.365] SysReAllocStringLen (in: pbstr=0x73ed70*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ed70*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.365] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0263.365] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e880, lpFilePart=0x73e87c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e87c*="Local") returned 0x1f [0263.365] SysReAllocStringLen (in: pbstr=0x73eac0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73eac0*="C:") returned 1 [0263.365] SysReAllocStringLen (in: pbstr=0x73ea7c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ea7c*="C:\\") returned 1 [0263.365] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.365] SysReAllocStringLen (in: pbstr=0x73ea78*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73ea78*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.365] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0263.366] SetLastError (dwErrCode=0x0) [0263.366] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0263.366] GetLastError () returned 0x0 [0263.366] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73eae4 | out: lpFindFileData=0x73eae4*(dwFileAttributes=0x9370f8, ftCreationTime.dwLowDateTime=0x937100, ftCreationTime.dwHighDateTime=0x900000, ftLastAccessTime.dwLowDateTime=0x77d8f6d5, ftLastAccessTime.dwHighDateTime=0x15d, ftLastWriteTime.dwLowDateTime=0x73eb2c, ftLastWriteTime.dwHighDateTime=0x77d92f90, nFileSizeHigh=0x1, nFileSizeLow=0x937100, dwReserved0=0x1dd, dwReserved1=0x1dd, cFileName="炠\x93", cAlternateFileName="毬\x92>")) returned 0xffffffff [0263.366] GetLastError () returned 0x2 [0263.366] SysReAllocStringLen (in: pbstr=0x73eab8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73eab8*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.366] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0263.366] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e5c8, lpFilePart=0x73e5c4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e5c4*="AppData") returned 0x19 [0263.366] SysReAllocStringLen (in: pbstr=0x73e808*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e808*="C:") returned 1 [0263.366] SysReAllocStringLen (in: pbstr=0x73e7c4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e7c4*="C:\\") returned 1 [0263.366] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.366] SysReAllocStringLen (in: pbstr=0x73e7c0*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e7c0*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.366] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0263.366] SetLastError (dwErrCode=0x0) [0263.366] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0263.367] GetLastError () returned 0x0 [0263.367] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e82c | out: lpFindFileData=0x73e82c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x1d, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xf0015, nFileSizeHigh=0x9248e8, nFileSizeLow=0x925140, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="伄\x922")) returned 0xffffffff [0263.367] GetLastError () returned 0x2 [0263.367] SysReAllocStringLen (in: pbstr=0x73e800*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e800*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.367] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1") returned 1 [0263.367] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e310, lpFilePart=0x73e30c | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e30c*="OQXZRA~1") returned 0x11 [0263.367] SysReAllocStringLen (in: pbstr=0x73e550*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e550*="C:") returned 1 [0263.367] SysReAllocStringLen (in: pbstr=0x73e50c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e50c*="C:\\") returned 1 [0263.367] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.367] SysReAllocStringLen (in: pbstr=0x73e508*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e508*="C:\\Users\\") returned 1 [0263.367] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0263.367] SetLastError (dwErrCode=0x0) [0263.367] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0263.367] GetLastError () returned 0x0 [0263.368] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e574 | out: lpFindFileData=0x73e574*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x9, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x1d0016, nFileSizeHigh=0x9248e8, nFileSizeLow=0x924ba0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="堄\x92\"")) returned 0xffffffff [0263.368] GetLastError () returned 0x2 [0263.368] SysReAllocStringLen (in: pbstr=0x73e548*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e548*="C:\\Users\\") returned 1 [0263.368] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e7cc*="C:\\Users") returned 1 [0263.368] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73e058, lpFilePart=0x73e054 | out: lpBuffer="C:\\Users", lpFilePart=0x73e054*="Users") returned 0x8 [0263.368] SysReAllocStringLen (in: pbstr=0x73e298*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e298*="C:") returned 1 [0263.368] SysReAllocStringLen (in: pbstr=0x73e254*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e254*="C:\\") returned 1 [0263.368] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.368] SysReAllocStringLen (in: pbstr=0x73e250*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e250*="C:\\") returned 1 [0263.368] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.368] SetLastError (dwErrCode=0x0) [0263.368] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0263.368] GetLastError () returned 0x0 [0263.369] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e2bc | out: lpFindFileData=0x73e2bc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204d0, dwReserved1=0x900000, cFileName="Users", cAlternateFileName="")) returned 0x91d930 [0263.369] FileTimeToLocalFileTime (in: lpFileTime=0x73e2d0, lpLocalFileTime=0x73e240 | out: lpLocalFileTime=0x73e240) returned 1 [0263.369] FileTimeToDosDateTime (in: lpFileTime=0x73e240, lpFatDate=0x73e29e, lpFatTime=0x73e29c | out: lpFatDate=0x73e29e, lpFatTime=0x73e29c) returned 1 [0263.369] FindClose (in: hFindFile=0x91d930 | out: hFindFile=0x91d930) returned 1 [0263.369] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e7cc*="C:\\Users") returned 1 [0263.369] SysReAllocStringLen (in: pbstr=0x73e540*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e540*="C:\\Users") returned 1 [0263.369] SysReAllocStringLen (in: pbstr=0x73e7cc*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e7cc*="C:\\Users\\") returned 1 [0263.369] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e574 | out: lpFindFileData=0x73e574*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91dcb0 [0263.369] FileTimeToLocalFileTime (in: lpFileTime=0x73e588, lpLocalFileTime=0x73e4f8 | out: lpLocalFileTime=0x73e4f8) returned 1 [0263.370] FileTimeToDosDateTime (in: lpFileTime=0x73e4f8, lpFatDate=0x73e556, lpFatTime=0x73e554 | out: lpFatDate=0x73e556, lpFatTime=0x73e554) returned 1 [0263.370] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.370] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm") returned 1 [0263.370] SysReAllocStringLen (in: pbstr=0x73e7f8*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e7f8*="C:\\Users\\OqXZRaykm") returned 1 [0263.370] SysReAllocStringLen (in: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73ea84*="C:\\Users\\OqXZRaykm\\") returned 1 [0263.370] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e82c | out: lpFindFileData=0x73e82c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="AppData", cAlternateFileName="")) returned 0x91e030 [0263.370] FileTimeToLocalFileTime (in: lpFileTime=0x73e840, lpLocalFileTime=0x73e7b0 | out: lpLocalFileTime=0x73e7b0) returned 1 [0263.370] FileTimeToDosDateTime (in: lpFileTime=0x73e7b0, lpFatDate=0x73e80e, lpFatTime=0x73e80c | out: lpFatDate=0x73e80e, lpFatTime=0x73e80c) returned 1 [0263.370] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0263.371] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.371] SysReAllocStringLen (in: pbstr=0x73eab0*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73eab0*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.371] SysReAllocStringLen (in: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73ed3c*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0263.371] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73eae4 | out: lpFindFileData=0x73eae4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x1dd, dwReserved1=0x1dd, cFileName="Local", cAlternateFileName="")) returned 0x91d970 [0263.371] FileTimeToLocalFileTime (in: lpFileTime=0x73eaf8, lpLocalFileTime=0x73ea68 | out: lpLocalFileTime=0x73ea68) returned 1 [0263.371] FileTimeToDosDateTime (in: lpFileTime=0x73ea68, lpFatDate=0x73eac6, lpFatTime=0x73eac4 | out: lpFatDate=0x73eac6, lpFatTime=0x73eac4) returned 1 [0263.371] FindClose (in: hFindFile=0x91d970 | out: hFindFile=0x91d970) returned 1 [0263.372] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.372] SysReAllocStringLen (in: pbstr=0x73ed68*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73ed68*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.372] SysReAllocStringLen (in: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73eff4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0263.372] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73ed9c | out: lpFindFileData=0x73ed9c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x920598, dwReserved1=0x900000, cFileName="Temp", cAlternateFileName="")) returned 0x91e030 [0263.372] FileTimeToLocalFileTime (in: lpFileTime=0x73edb0, lpLocalFileTime=0x73ed20 | out: lpLocalFileTime=0x73ed20) returned 1 [0263.372] FileTimeToDosDateTime (in: lpFileTime=0x73ed20, lpFatDate=0x73ed7e, lpFatTime=0x73ed7c | out: lpFatDate=0x73ed7e, lpFatTime=0x73ed7c) returned 1 [0263.372] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0263.373] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.373] SysReAllocStringLen (in: pbstr=0x73f020*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f020*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.373] SysReAllocStringLen (in: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f2ac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0263.373] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f054 | out: lpFindFileData=0x73f054*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91dcf0 [0263.373] FileTimeToLocalFileTime (in: lpFileTime=0x73f068, lpLocalFileTime=0x73efd8 | out: lpLocalFileTime=0x73efd8) returned 1 [0263.373] FileTimeToDosDateTime (in: lpFileTime=0x73efd8, lpFatDate=0x73f036, lpFatTime=0x73f034 | out: lpFatDate=0x73f036, lpFatTime=0x73f034) returned 1 [0263.373] FindClose (in: hFindFile=0x91dcf0 | out: hFindFile=0x91dcf0) returned 1 [0263.374] SysReAllocStringLen (in: pbstr=0x73f2f0*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f2f0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.375] SysReAllocStringLen (in: pbstr=0x73f324*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f324*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0263.375] SysReAllocStringLen (in: pbstr=0x73f2d4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f2d4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0263.375] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchLength=0x3d | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config") returned 0x3d [0263.375] SysReAllocStringLen (in: pbstr=0x73f324*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f324*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config") returned 1 [0263.376] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x294 [0263.376] GetLastError () returned 0x0 [0263.377] SysReAllocStringLen (in: pbstr=0x73f334*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.379] GetThreadLocale () returned 0x409 [0263.379] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.379] GetThreadLocale () returned 0x409 [0263.379] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.379] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73f0b8, lpFilePart=0x73f0b4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73f0b4*="gesf.exe") returned 0x35 [0263.379] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.379] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73ee00, lpFilePart=0x73edfc | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73edfc*="gesf.exe") returned 0x35 [0263.380] SysReAllocStringLen (in: pbstr=0x73f040*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f040*="C:") returned 1 [0263.380] SysReAllocStringLen (in: pbstr=0x73effc*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73effc*="C:\\") returned 1 [0263.380] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.380] SysReAllocStringLen (in: pbstr=0x73eff8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73eff8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.380] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0263.380] SetLastError (dwErrCode=0x0) [0263.380] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0263.380] GetLastError () returned 0x0 [0263.380] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f064 | out: lpFindFileData=0x73f064*(dwFileAttributes=0x3, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x19, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x70014, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92bc58, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="먼\x92j")) returned 0xffffffff [0263.380] GetLastError () returned 0x2 [0263.380] SysReAllocStringLen (in: pbstr=0x73f038*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f038*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.380] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.380] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73eb48, lpFilePart=0x73eb44 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73eb44*="RarSFX1") returned 0x2c [0263.381] SysReAllocStringLen (in: pbstr=0x73ed88*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ed88*="C:") returned 1 [0263.381] SysReAllocStringLen (in: pbstr=0x73ed44*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ed44*="C:\\") returned 1 [0263.381] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.381] SysReAllocStringLen (in: pbstr=0x73ed40*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed40*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.381] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0263.381] SetLastError (dwErrCode=0x0) [0263.381] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0263.381] GetLastError () returned 0x0 [0263.381] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73edac | out: lpFindFileData=0x73edac*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x190015, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92af10, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="匬\x93X")) returned 0xffffffff [0263.381] GetLastError () returned 0x2 [0263.381] SysReAllocStringLen (in: pbstr=0x73ed80*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.381] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0263.381] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73e890, lpFilePart=0x73e88c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73e88c*="Temp") returned 0x24 [0263.382] SysReAllocStringLen (in: pbstr=0x73ead0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ead0*="C:") returned 1 [0263.382] SysReAllocStringLen (in: pbstr=0x73ea8c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ea8c*="C:\\") returned 1 [0263.382] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.382] SysReAllocStringLen (in: pbstr=0x73ea88*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ea88*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.382] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0263.382] SetLastError (dwErrCode=0x0) [0263.382] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0263.382] GetLastError () returned 0x0 [0263.382] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73eaf4 | out: lpFindFileData=0x73eaf4*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x3b0c68, ftLastAccessTime.dwLowDateTime=0x3b0c60, ftLastAccessTime.dwHighDateTime=0x7, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xa0000, nFileSizeHigh=0x926900, nFileSizeLow=0x926b90, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="沜\x92H")) returned 0xffffffff [0263.382] GetLastError () returned 0x2 [0263.382] SysReAllocStringLen (in: pbstr=0x73eac8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73eac8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.382] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0263.382] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e5d8, lpFilePart=0x73e5d4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e5d4*="Local") returned 0x1f [0263.383] SysReAllocStringLen (in: pbstr=0x73e818*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e818*="C:") returned 1 [0263.383] SysReAllocStringLen (in: pbstr=0x73e7d4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e7d4*="C:\\") returned 1 [0263.383] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.383] SysReAllocStringLen (in: pbstr=0x73e7d0*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e7d0*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.383] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0263.383] SetLastError (dwErrCode=0x0) [0263.383] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0263.383] GetLastError () returned 0x0 [0263.383] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e83c | out: lpFindFileData=0x73e83c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9205d0, ftLastAccessTime.dwHighDateTime=0x17, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xc0029, nFileSizeHigh=0x935898, nFileSizeLow=0x9360b0, dwReserved0=0x9205c0, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="媄\x93>")) returned 0xffffffff [0263.383] GetLastError () returned 0x2 [0263.383] SysReAllocStringLen (in: pbstr=0x73e810*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e810*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.383] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0263.383] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e320, lpFilePart=0x73e31c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e31c*="AppData") returned 0x19 [0263.384] SysReAllocStringLen (in: pbstr=0x73e560*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e560*="C:") returned 1 [0263.384] SysReAllocStringLen (in: pbstr=0x73e51c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e51c*="C:\\") returned 1 [0263.384] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.384] SysReAllocStringLen (in: pbstr=0x73e518*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e518*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.384] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0263.384] SetLastError (dwErrCode=0x0) [0263.384] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0263.384] GetLastError () returned 0x0 [0263.384] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e584 | out: lpFindFileData=0x73e584*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0xa, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x160015, nFileSizeHigh=0x9248e8, nFileSizeLow=0x924be8, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="䧴\x922")) returned 0xffffffff [0263.384] GetLastError () returned 0x2 [0263.384] SysReAllocStringLen (in: pbstr=0x73e558*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e558*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.384] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1") returned 1 [0263.384] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e068, lpFilePart=0x73e064 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e064*="OQXZRA~1") returned 0x11 [0263.385] SysReAllocStringLen (in: pbstr=0x73e2a8*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e2a8*="C:") returned 1 [0263.385] SysReAllocStringLen (in: pbstr=0x73e264*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e264*="C:\\") returned 1 [0263.385] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.385] SysReAllocStringLen (in: pbstr=0x73e260*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e260*="C:\\Users\\") returned 1 [0263.385] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0263.385] SetLastError (dwErrCode=0x0) [0263.385] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0263.385] GetLastError () returned 0x0 [0263.385] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e2cc | out: lpFindFileData=0x73e2cc*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x15, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xa0016, nFileSizeHigh=0x9248e8, nFileSizeLow=0x924f00, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="䮤\x92\"")) returned 0xffffffff [0263.385] GetLastError () returned 0x2 [0263.385] SysReAllocStringLen (in: pbstr=0x73e2a0*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e2a0*="C:\\Users\\") returned 1 [0263.385] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e524*="C:\\Users") returned 1 [0263.385] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73ddb0, lpFilePart=0x73ddac | out: lpBuffer="C:\\Users", lpFilePart=0x73ddac*="Users") returned 0x8 [0263.385] SysReAllocStringLen (in: pbstr=0x73dff0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73dff0*="C:") returned 1 [0263.386] SysReAllocStringLen (in: pbstr=0x73dfac*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dfac*="C:\\") returned 1 [0263.386] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.386] SysReAllocStringLen (in: pbstr=0x73dfa8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dfa8*="C:\\") returned 1 [0263.386] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.386] SetLastError (dwErrCode=0x0) [0263.386] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0263.386] GetLastError () returned 0x0 [0263.386] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e014 | out: lpFindFileData=0x73e014*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204d0, dwReserved1=0x900000, cFileName="Users", cAlternateFileName="")) returned 0x91dcb0 [0263.386] FileTimeToLocalFileTime (in: lpFileTime=0x73e028, lpLocalFileTime=0x73df98 | out: lpLocalFileTime=0x73df98) returned 1 [0263.386] FileTimeToDosDateTime (in: lpFileTime=0x73df98, lpFatDate=0x73dff6, lpFatTime=0x73dff4 | out: lpFatDate=0x73dff6, lpFatTime=0x73dff4) returned 1 [0263.386] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.386] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e524*="C:\\Users") returned 1 [0263.386] SysReAllocStringLen (in: pbstr=0x73e298*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e298*="C:\\Users") returned 1 [0263.387] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e524*="C:\\Users\\") returned 1 [0263.387] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e2cc | out: lpFindFileData=0x73e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91dcb0 [0263.387] FileTimeToLocalFileTime (in: lpFileTime=0x73e2e0, lpLocalFileTime=0x73e250 | out: lpLocalFileTime=0x73e250) returned 1 [0263.387] FileTimeToDosDateTime (in: lpFileTime=0x73e250, lpFatDate=0x73e2ae, lpFatTime=0x73e2ac | out: lpFatDate=0x73e2ae, lpFatTime=0x73e2ac) returned 1 [0263.387] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.387] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm") returned 1 [0263.387] SysReAllocStringLen (in: pbstr=0x73e550*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e550*="C:\\Users\\OqXZRaykm") returned 1 [0263.387] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm\\") returned 1 [0263.387] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e584 | out: lpFindFileData=0x73e584*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="AppData", cAlternateFileName="")) returned 0x91dcb0 [0263.388] FileTimeToLocalFileTime (in: lpFileTime=0x73e598, lpLocalFileTime=0x73e508 | out: lpLocalFileTime=0x73e508) returned 1 [0263.388] FileTimeToDosDateTime (in: lpFileTime=0x73e508, lpFatDate=0x73e566, lpFatTime=0x73e564 | out: lpFatDate=0x73e566, lpFatTime=0x73e564) returned 1 [0263.388] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.388] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.388] SysReAllocStringLen (in: pbstr=0x73e808*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73e808*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.388] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0263.388] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73e83c | out: lpFindFileData=0x73e83c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9205c0, dwReserved1=0x900000, cFileName="Local", cAlternateFileName="")) returned 0x91dcb0 [0263.388] FileTimeToLocalFileTime (in: lpFileTime=0x73e850, lpLocalFileTime=0x73e7c0 | out: lpLocalFileTime=0x73e7c0) returned 1 [0263.388] FileTimeToDosDateTime (in: lpFileTime=0x73e7c0, lpFatDate=0x73e81e, lpFatTime=0x73e81c | out: lpFatDate=0x73e81e, lpFatTime=0x73e81c) returned 1 [0263.389] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.389] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.389] SysReAllocStringLen (in: pbstr=0x73eac0*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73eac0*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.389] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0263.389] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73eaf4 | out: lpFindFileData=0x73eaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="Temp", cAlternateFileName="")) returned 0x91dcb0 [0263.389] FileTimeToLocalFileTime (in: lpFileTime=0x73eb08, lpLocalFileTime=0x73ea78 | out: lpLocalFileTime=0x73ea78) returned 1 [0263.389] FileTimeToDosDateTime (in: lpFileTime=0x73ea78, lpFatDate=0x73ead6, lpFatTime=0x73ead4 | out: lpFatDate=0x73ead6, lpFatTime=0x73ead4) returned 1 [0263.389] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.390] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.390] SysReAllocStringLen (in: pbstr=0x73ed78*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73ed78*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.390] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0263.390] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73edac | out: lpFindFileData=0x73edac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91dcb0 [0263.390] FileTimeToLocalFileTime (in: lpFileTime=0x73edc0, lpLocalFileTime=0x73ed30 | out: lpLocalFileTime=0x73ed30) returned 1 [0263.390] FileTimeToDosDateTime (in: lpFileTime=0x73ed30, lpFatDate=0x73ed8e, lpFatTime=0x73ed8c | out: lpFatDate=0x73ed8e, lpFatTime=0x73ed8c) returned 1 [0263.390] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.390] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.391] SysReAllocStringLen (in: pbstr=0x73f030*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f030*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.391] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.391] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), lpFindFileData=0x73f064 | out: lpFindFileData=0x73f064*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d805560, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="gesf.exe", cAlternateFileName="")) returned 0x91dcb0 [0263.391] FileTimeToLocalFileTime (in: lpFileTime=0x73f078, lpLocalFileTime=0x73efe8 | out: lpLocalFileTime=0x73efe8) returned 1 [0263.391] FileTimeToDosDateTime (in: lpFileTime=0x73efe8, lpFatDate=0x73f046, lpFatTime=0x73f044 | out: lpFatDate=0x73f046, lpFatTime=0x73f044) returned 1 [0263.391] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.391] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f334*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.391] SysReAllocStringLen (in: pbstr=0x73f2e4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f2e4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.391] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchLength=0x36 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 0x36 [0263.391] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x36 | out: pbstr=0x73f334*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] ResetEvent (hEvent=0x1f4) returned 1 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] ResetEvent (hEvent=0x1f4) returned 1 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] SetEvent (hEvent=0x1f8) returned 1 [0263.392] SetEvent (hEvent=0x1f4) returned 1 [0263.392] SetLastError (dwErrCode=0x0) [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] GetCurrentThreadId () returned 0xfe0 [0263.392] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0263.395] GetCurrentThreadId () returned 0xfe0 [0263.395] GetCurrentThreadId () returned 0xfe0 [0263.395] GetCurrentThreadId () returned 0xfe0 [0263.395] SetEvent (hEvent=0x1f8) returned 1 [0263.395] CreateFileMappingW (hFile=0x294, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x298 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] ResetEvent (hEvent=0x1f4) returned 1 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] ResetEvent (hEvent=0x1f4) returned 1 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] SetEvent (hEvent=0x1f8) returned 1 [0263.396] SetEvent (hEvent=0x1f4) returned 1 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] GetCurrentThreadId () returned 0xfe0 [0263.396] SetEvent (hEvent=0x1f8) returned 1 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] ResetEvent (hEvent=0x1f4) returned 1 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] ResetEvent (hEvent=0x1f4) returned 1 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] SetEvent (hEvent=0x1f8) returned 1 [0263.397] SetEvent (hEvent=0x1f4) returned 1 [0263.397] CloseHandle (hObject=0x294) returned 1 [0263.397] GetCurrentThreadId () returned 0xfe0 [0263.397] ResetEvent (hEvent=0x1f4) returned 1 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] ResetEvent (hEvent=0x1f4) returned 1 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] GetCurrentThreadId () returned 0xfe0 [0263.398] SetEvent (hEvent=0x1f8) returned 1 [0263.398] SetEvent (hEvent=0x1f4) returned 1 [0263.398] CloseHandle (hObject=0x298) returned 1 [0263.398] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000000, hTemplateFile=0x0) returned 0x298 [0263.398] GetLastError () returned 0x0 [0263.398] SysReAllocStringLen (in: pbstr=0x73f334*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.398] GetThreadLocale () returned 0x409 [0263.398] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.398] GetThreadLocale () returned 0x409 [0263.398] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.398] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73f0b8, lpFilePart=0x73f0b4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73f0b4*="gesf.exe") returned 0x35 [0263.398] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.398] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73ee00, lpFilePart=0x73edfc | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73edfc*="gesf.exe") returned 0x35 [0263.399] SysReAllocStringLen (in: pbstr=0x73f040*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f040*="C:") returned 1 [0263.399] SysReAllocStringLen (in: pbstr=0x73effc*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73effc*="C:\\") returned 1 [0263.399] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.399] SysReAllocStringLen (in: pbstr=0x73eff8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73eff8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.399] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0263.399] SetLastError (dwErrCode=0x0) [0263.399] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0263.399] GetLastError () returned 0x0 [0263.399] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f064 | out: lpFindFileData=0x73f064*(dwFileAttributes=0x3, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x18, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x180014, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92bbd0, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="먼\x92j")) returned 0xffffffff [0263.399] GetLastError () returned 0x2 [0263.399] SysReAllocStringLen (in: pbstr=0x73f038*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f038*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.399] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.400] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73eb48, lpFilePart=0x73eb44 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73eb44*="RarSFX1") returned 0x2c [0263.400] SysReAllocStringLen (in: pbstr=0x73ed88*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ed88*="C:") returned 1 [0263.400] SysReAllocStringLen (in: pbstr=0x73ed44*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ed44*="C:\\") returned 1 [0263.400] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.400] SysReAllocStringLen (in: pbstr=0x73ed40*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed40*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.400] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0263.400] SetLastError (dwErrCode=0x0) [0263.400] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0263.400] GetLastError () returned 0x0 [0263.400] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73edac | out: lpFindFileData=0x73edac*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x9204b8, ftLastAccessTime.dwHighDateTime=0x11, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x180015, nFileSizeHigh=0x92aee8, nFileSizeLow=0x92b818, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="叼\x93X")) returned 0xffffffff [0263.400] GetLastError () returned 0x2 [0263.400] SysReAllocStringLen (in: pbstr=0x73ed80*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ed80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0263.400] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0263.401] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73e890, lpFilePart=0x73e88c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73e88c*="Temp") returned 0x24 [0263.401] SysReAllocStringLen (in: pbstr=0x73ead0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ead0*="C:") returned 1 [0263.401] SysReAllocStringLen (in: pbstr=0x73ea8c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ea8c*="C:\\") returned 1 [0263.401] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.401] SysReAllocStringLen (in: pbstr=0x73ea88*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ea88*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.401] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0263.401] SetLastError (dwErrCode=0x0) [0263.401] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0263.401] GetLastError () returned 0x0 [0263.401] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73eaf4 | out: lpFindFileData=0x73eaf4*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x3b0c68, ftLastAccessTime.dwLowDateTime=0x3b0c60, ftLastAccessTime.dwHighDateTime=0x8, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x70000, nFileSizeHigh=0x926900, nFileSizeLow=0x926be8, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="殔\x92H")) returned 0xffffffff [0263.401] GetLastError () returned 0x2 [0263.401] SysReAllocStringLen (in: pbstr=0x73eac8*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73eac8*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0263.401] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0263.401] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e5d8, lpFilePart=0x73e5d4 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e5d4*="Local") returned 0x1f [0263.402] SysReAllocStringLen (in: pbstr=0x73e818*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e818*="C:") returned 1 [0263.402] SysReAllocStringLen (in: pbstr=0x73e7d4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e7d4*="C:\\") returned 1 [0263.402] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.402] SysReAllocStringLen (in: pbstr=0x73e7d0*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e7d0*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.402] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0263.402] SetLastError (dwErrCode=0x0) [0263.402] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0263.402] GetLastError () returned 0x0 [0263.402] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e83c | out: lpFindFileData=0x73e83c*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x920620, ftLastAccessTime.dwHighDateTime=0xf, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x70029, nFileSizeHigh=0x935898, nFileSizeLow=0x935df0, dwReserved0=0x920610, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="幌\x93>")) returned 0xffffffff [0263.402] GetLastError () returned 0x2 [0263.402] SysReAllocStringLen (in: pbstr=0x73e810*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e810*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0263.402] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0263.402] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e320, lpFilePart=0x73e31c | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e31c*="AppData") returned 0x19 [0263.403] SysReAllocStringLen (in: pbstr=0x73e560*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e560*="C:") returned 1 [0263.403] SysReAllocStringLen (in: pbstr=0x73e51c*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e51c*="C:\\") returned 1 [0263.403] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.403] SysReAllocStringLen (in: pbstr=0x73e518*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e518*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.403] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0263.403] SetLastError (dwErrCode=0x0) [0263.403] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0263.403] GetLastError () returned 0x0 [0263.403] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e584 | out: lpFindFileData=0x73e584*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x10, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0xf0015, nFileSizeHigh=0x9248e8, nFileSizeLow=0x924d98, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="値\x922")) returned 0xffffffff [0263.403] GetLastError () returned 0x2 [0263.403] SysReAllocStringLen (in: pbstr=0x73e558*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e558*="C:\\Users\\OQXZRA~1\\") returned 1 [0263.403] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1") returned 1 [0263.403] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e068, lpFilePart=0x73e064 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e064*="OQXZRA~1") returned 0x11 [0263.404] SysReAllocStringLen (in: pbstr=0x73e2a8*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e2a8*="C:") returned 1 [0263.404] SysReAllocStringLen (in: pbstr=0x73e264*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e264*="C:\\") returned 1 [0263.404] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.404] SysReAllocStringLen (in: pbstr=0x73e260*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e260*="C:\\Users\\") returned 1 [0263.404] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0263.404] SetLastError (dwErrCode=0x0) [0263.404] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0263.404] GetLastError () returned 0x0 [0263.404] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e2cc | out: lpFindFileData=0x73e2cc*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x90b1f8, ftLastAccessTime.dwHighDateTime=0x3, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x100016, nFileSizeHigh=0x9248e8, nFileSizeLow=0x9249f0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="ss蚆矘\n", cAlternateFileName="凔\x92\"")) returned 0xffffffff [0263.404] GetLastError () returned 0x2 [0263.404] SysReAllocStringLen (in: pbstr=0x73e2a0*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e2a0*="C:\\Users\\") returned 1 [0263.404] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e524*="C:\\Users") returned 1 [0263.404] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73ddb0, lpFilePart=0x73ddac | out: lpBuffer="C:\\Users", lpFilePart=0x73ddac*="Users") returned 0x8 [0263.405] SysReAllocStringLen (in: pbstr=0x73dff0*=0x0, psz="C:", len=0x2 | out: pbstr=0x73dff0*="C:") returned 1 [0263.405] SysReAllocStringLen (in: pbstr=0x73dfac*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dfac*="C:\\") returned 1 [0263.405] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.405] SysReAllocStringLen (in: pbstr=0x73dfa8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dfa8*="C:\\") returned 1 [0263.405] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0263.405] SetLastError (dwErrCode=0x0) [0263.405] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0263.405] GetLastError () returned 0x0 [0263.405] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e014 | out: lpFindFileData=0x73e014*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204d0, dwReserved1=0x900000, cFileName="Users", cAlternateFileName="")) returned 0x91e030 [0263.405] FileTimeToLocalFileTime (in: lpFileTime=0x73e028, lpLocalFileTime=0x73df98 | out: lpLocalFileTime=0x73df98) returned 1 [0263.405] FileTimeToDosDateTime (in: lpFileTime=0x73df98, lpFatDate=0x73dff6, lpFatTime=0x73dff4 | out: lpFatDate=0x73dff6, lpFatTime=0x73dff4) returned 1 [0263.405] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0263.406] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e524*="C:\\Users") returned 1 [0263.406] SysReAllocStringLen (in: pbstr=0x73e298*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e298*="C:\\Users") returned 1 [0263.406] SysReAllocStringLen (in: pbstr=0x73e524*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e524*="C:\\Users\\") returned 1 [0263.406] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e2cc | out: lpFindFileData=0x73e2cc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91d930 [0263.406] FileTimeToLocalFileTime (in: lpFileTime=0x73e2e0, lpLocalFileTime=0x73e250 | out: lpLocalFileTime=0x73e250) returned 1 [0263.406] FileTimeToDosDateTime (in: lpFileTime=0x73e250, lpFatDate=0x73e2ae, lpFatTime=0x73e2ac | out: lpFatDate=0x73e2ae, lpFatTime=0x73e2ac) returned 1 [0263.406] FindClose (in: hFindFile=0x91d930 | out: hFindFile=0x91d930) returned 1 [0263.406] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm") returned 1 [0263.406] SysReAllocStringLen (in: pbstr=0x73e550*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e550*="C:\\Users\\OqXZRaykm") returned 1 [0263.407] SysReAllocStringLen (in: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73e7dc*="C:\\Users\\OqXZRaykm\\") returned 1 [0263.407] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e584 | out: lpFindFileData=0x73e584*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x90b1e8, dwReserved1=0x900000, cFileName="AppData", cAlternateFileName="")) returned 0x91d930 [0263.407] FileTimeToLocalFileTime (in: lpFileTime=0x73e598, lpLocalFileTime=0x73e508 | out: lpLocalFileTime=0x73e508) returned 1 [0263.407] FileTimeToDosDateTime (in: lpFileTime=0x73e508, lpFatDate=0x73e566, lpFatTime=0x73e564 | out: lpFatDate=0x73e566, lpFatTime=0x73e564) returned 1 [0263.407] FindClose (in: hFindFile=0x91d930 | out: hFindFile=0x91d930) returned 1 [0263.407] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.407] SysReAllocStringLen (in: pbstr=0x73e808*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73e808*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0263.407] SysReAllocStringLen (in: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73ea94*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0263.407] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73e83c | out: lpFindFileData=0x73e83c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x920610, dwReserved1=0x900000, cFileName="Local", cAlternateFileName="")) returned 0x91dcb0 [0263.408] FileTimeToLocalFileTime (in: lpFileTime=0x73e850, lpLocalFileTime=0x73e7c0 | out: lpLocalFileTime=0x73e7c0) returned 1 [0263.408] FileTimeToDosDateTime (in: lpFileTime=0x73e7c0, lpFatDate=0x73e81e, lpFatTime=0x73e81c | out: lpFatDate=0x73e81e, lpFatTime=0x73e81c) returned 1 [0263.408] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.409] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.409] SysReAllocStringLen (in: pbstr=0x73eac0*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73eac0*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0263.409] SysReAllocStringLen (in: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73ed4c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0263.409] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73eaf4 | out: lpFindFileData=0x73eaf4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x920408, dwReserved1=0x900000, cFileName="Temp", cAlternateFileName="")) returned 0x91deb0 [0263.409] FileTimeToLocalFileTime (in: lpFileTime=0x73eb08, lpLocalFileTime=0x73ea78 | out: lpLocalFileTime=0x73ea78) returned 1 [0263.409] FileTimeToDosDateTime (in: lpFileTime=0x73ea78, lpFatDate=0x73ead6, lpFatTime=0x73ead4 | out: lpFatDate=0x73ead6, lpFatTime=0x73ead4) returned 1 [0263.409] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73ed78*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73ed78*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f004*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0263.410] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73edac | out: lpFindFileData=0x73edac*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91deb0 [0263.410] FileTimeToLocalFileTime (in: lpFileTime=0x73edc0, lpLocalFileTime=0x73ed30 | out: lpLocalFileTime=0x73ed30) returned 1 [0263.410] FileTimeToDosDateTime (in: lpFileTime=0x73ed30, lpFatDate=0x73ed8e, lpFatTime=0x73ed8c | out: lpFatDate=0x73ed8e, lpFatTime=0x73ed8c) returned 1 [0263.410] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73f030*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f030*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0263.410] SysReAllocStringLen (in: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73f2bc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0263.411] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), lpFindFileData=0x73f064 | out: lpFindFileData=0x73f064*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d805560, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00, dwReserved0=0x9204a8, dwReserved1=0x900000, cFileName="gesf.exe", cAlternateFileName="")) returned 0x91dcb0 [0263.411] FileTimeToLocalFileTime (in: lpFileTime=0x73f078, lpLocalFileTime=0x73efe8 | out: lpLocalFileTime=0x73efe8) returned 1 [0263.411] FileTimeToDosDateTime (in: lpFileTime=0x73efe8, lpFatDate=0x73f046, lpFatTime=0x73f044 | out: lpFatDate=0x73f046, lpFatTime=0x73f044) returned 1 [0263.411] FindClose (in: hFindFile=0x91dcb0 | out: hFindFile=0x91dcb0) returned 1 [0263.411] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f334*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.411] SysReAllocStringLen (in: pbstr=0x73f2e4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f2e4*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0263.411] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchLength=0x36 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 0x36 [0263.411] SysReAllocStringLen (in: pbstr=0x73f334*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x36 | out: pbstr=0x73f334*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0263.411] GetCurrentThreadId () returned 0xfe0 [0263.412] ResetEvent (hEvent=0x1f4) returned 1 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] ResetEvent (hEvent=0x1f4) returned 1 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] SetEvent (hEvent=0x1f8) returned 1 [0263.412] SetEvent (hEvent=0x1f4) returned 1 [0263.412] SetLastError (dwErrCode=0x0) [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] SetEvent (hEvent=0x1f8) returned 1 [0263.412] CreateFileMappingW (hFile=0x298, lpFileMappingAttributes=0x0, flProtect=0x2, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x294 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.412] ResetEvent (hEvent=0x1f4) returned 1 [0263.412] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] ResetEvent (hEvent=0x1f4) returned 1 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] SetEvent (hEvent=0x1f8) returned 1 [0263.413] SetEvent (hEvent=0x1f4) returned 1 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] SetEvent (hEvent=0x1f8) returned 1 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] ResetEvent (hEvent=0x1f4) returned 1 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.413] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] ResetEvent (hEvent=0x1f4) returned 1 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] SetEvent (hEvent=0x1f8) returned 1 [0263.414] SetEvent (hEvent=0x1f4) returned 1 [0263.414] CloseHandle (hObject=0x298) returned 1 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] ResetEvent (hEvent=0x1f4) returned 1 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] ResetEvent (hEvent=0x1f4) returned 1 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] GetCurrentThreadId () returned 0xfe0 [0263.414] SetEvent (hEvent=0x1f8) returned 1 [0263.414] SetEvent (hEvent=0x1f4) returned 1 [0263.414] CloseHandle (hObject=0x294) returned 1 [0263.425] SysReAllocStringLen (in: pbstr=0x73f34c*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-2.dll", len=0x26 | out: pbstr=0x73f34c*="api-ms-win-appmodel-runtime-l1-1-2.dll") returned 1 [0263.425] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-2.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-2.dll") returned 0x26 [0263.426] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2.dll", hFile=0x0, dwFlags=0x800) returned 0x758f0000 [0263.430] GetLastError () returned 0x0 [0263.431] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.431] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.431] GetModuleFileNameA (in: hModule=0x758f0000, lpFilename=0x73f230, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0263.431] GetCurrentProcess () returned 0xffffffff [0263.431] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f334*=0x758f93f4, NumberOfBytesToProtect=0x73f338, NewAccessProtection=0x4, OldAccessProtection=0x73f36c | out: BaseAddress=0x73f334*=0x758f9000, NumberOfBytesToProtect=0x73f338, OldAccessProtection=0x73f36c*=0x2) returned 0x0 [0263.432] GetCurrentProcess () returned 0xffffffff [0263.432] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f334*=0x758f93f4, NumberOfBytesToProtect=0x73f338, NewAccessProtection=0x2, OldAccessProtection=0x73f36c | out: BaseAddress=0x73f334*=0x758f9000, NumberOfBytesToProtect=0x73f338, OldAccessProtection=0x73f36c*=0x4) returned 0x0 [0263.432] GetCurrentProcess () returned 0xffffffff [0263.432] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f334*=0x758f9400, NumberOfBytesToProtect=0x73f338, NewAccessProtection=0x4, OldAccessProtection=0x73f36c | out: BaseAddress=0x73f334*=0x758f9000, NumberOfBytesToProtect=0x73f338, OldAccessProtection=0x73f36c*=0x2) returned 0x0 [0263.432] GetCurrentProcess () returned 0xffffffff [0263.432] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f334*=0x758f9400, NumberOfBytesToProtect=0x73f338, NewAccessProtection=0x2, OldAccessProtection=0x73f36c | out: BaseAddress=0x73f334*=0x758f9000, NumberOfBytesToProtect=0x73f338, OldAccessProtection=0x73f36c*=0x4) returned 0x0 [0263.433] SetLastError (dwErrCode=0x0) [0263.433] GetProcAddress (hModule=0x758f0000, lpProcName="AppPolicyGetClrCompat") returned 0x758f3a50 [0263.433] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackageId") returned 0x758f3dd0 [0263.433] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackageInfo") returned 0x758f3e00 [0263.434] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackagePath") returned 0x758f3e20 [0263.434] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0263.436] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] ResetEvent (hEvent=0x1f4) returned 1 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] ResetEvent (hEvent=0x1f4) returned 1 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] GetCurrentThreadId () returned 0xfe0 [0263.436] SetEvent (hEvent=0x1f8) returned 1 [0263.437] SetEvent (hEvent=0x1f4) returned 1 [0263.437] CloseHandle (hObject=0x298) returned 1 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] ResetEvent (hEvent=0x1f4) returned 1 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] ResetEvent (hEvent=0x1f4) returned 1 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] GetCurrentThreadId () returned 0xfe0 [0263.437] SetEvent (hEvent=0x1f8) returned 1 [0263.437] SetEvent (hEvent=0x1f4) returned 1 [0263.437] CloseHandle (hObject=0x294) returned 1 [0263.442] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="VERSION.dll", cbMultiByte=11, lpWideCharStr=0x73e11c, cchWideChar=2047 | out: lpWideCharStr="VERSION.dllRaykm\x02ȀppǨtaǨocal") returned 11 [0263.442] SysReAllocStringLen (in: pbstr=0x73f120*=0x0, psz="VERSION.dll", len=0xb | out: pbstr=0x73f120*="VERSION.dll") returned 1 [0263.442] CharLowerBuffW (in: lpsz="VERSION.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0263.442] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x800) returned 0x752b0000 [0263.442] GetLastError () returned 0x0 [0263.443] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.443] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.443] GetModuleFileNameA (in: hModule=0x752b0000, lpFilename=0x73f008, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0263.443] GetCurrentProcess () returned 0xffffffff [0263.443] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f10c*=0x752b50bc, NumberOfBytesToProtect=0x73f110, NewAccessProtection=0x4, OldAccessProtection=0x73f144 | out: BaseAddress=0x73f10c*=0x752b5000, NumberOfBytesToProtect=0x73f110, OldAccessProtection=0x73f144*=0x2) returned 0x0 [0263.444] GetCurrentProcess () returned 0xffffffff [0263.444] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f10c*=0x752b50bc, NumberOfBytesToProtect=0x73f110, NewAccessProtection=0x2, OldAccessProtection=0x73f144 | out: BaseAddress=0x73f10c*=0x752b5000, NumberOfBytesToProtect=0x73f110, OldAccessProtection=0x73f144*=0x4) returned 0x0 [0263.444] GetCurrentProcess () returned 0xffffffff [0263.444] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f10c*=0x752b50c8, NumberOfBytesToProtect=0x73f110, NewAccessProtection=0x4, OldAccessProtection=0x73f144 | out: BaseAddress=0x73f10c*=0x752b5000, NumberOfBytesToProtect=0x73f110, OldAccessProtection=0x73f144*=0x2) returned 0x0 [0263.445] GetCurrentProcess () returned 0xffffffff [0263.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f10c*=0x752b50c8, NumberOfBytesToProtect=0x73f110, NewAccessProtection=0x2, OldAccessProtection=0x73f144 | out: BaseAddress=0x73f10c*=0x752b5000, NumberOfBytesToProtect=0x73f110, OldAccessProtection=0x73f144*=0x4) returned 0x0 [0263.445] SetLastError (dwErrCode=0x0) [0263.445] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoSizeW") returned 0x752b15c0 [0263.559] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoW") returned 0x752b15e0 [0263.632] GetProcAddress (hModule=0x752b0000, lpProcName="VerQueryValueW") returned 0x752b1560 [0263.633] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll"), dwDesiredAccess=0x20000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000000, hTemplateFile=0x0) returned 0x290 [0263.634] GetLastError () returned 0x0 [0263.634] SysReAllocStringLen (in: pbstr=0x73f83c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f83c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0263.634] GetThreadLocale () returned 0x409 [0263.634] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0263.634] GetThreadLocale () returned 0x409 [0263.634] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0263.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", nBufferLength=0x104, lpBuffer=0x73f5c0, lpFilePart=0x73f5bc | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", lpFilePart=0x73f5bc*="clr.dll") returned 0x35 [0263.634] SysReAllocStringLen (in: pbstr=0x73f83c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f83c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0263.634] SysReAllocStringLen (in: pbstr=0x73f7ec*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f7ec*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll") returned 1 [0263.634] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", cchLength=0x35 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 0x35 [0263.634] SysReAllocStringLen (in: pbstr=0x73f83c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", len=0x35 | out: pbstr=0x73f83c*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") returned 1 [0263.634] SetLastError (dwErrCode=0x0) [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] ResetEvent (hEvent=0x1f4) returned 1 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] ResetEvent (hEvent=0x1f4) returned 1 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.634] GetCurrentThreadId () returned 0xfe0 [0263.635] SetEvent (hEvent=0x1f8) returned 1 [0263.635] SetEvent (hEvent=0x1f4) returned 1 [0263.635] CloseHandle (hObject=0x290) returned 1 [0263.635] SysReAllocStringLen (in: pbstr=0x73fb90*=0x0, psz="clr.dll", len=0x7 | out: pbstr=0x73fb90*="clr.dll") returned 1 [0263.635] CharLowerBuffW (in: lpsz="clr.dll", cchLength=0x7 | out: lpsz="clr.dll") returned 0x7 [0263.636] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", hFile=0x0, dwFlags=0x8) returned 0x6f850000 [0263.673] SysReAllocStringLen (in: pbstr=0x73f670*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73f670*="api-ms-win-core-synch-l1-2-0") returned 1 [0263.673] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0263.673] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0263.673] GetLastError () returned 0x0 [0263.673] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0263.674] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0263.797] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f554, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.037] SetLastError (dwErrCode=0x0) [0264.037] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0264.038] SysReAllocStringLen (in: pbstr=0x73f680*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73f680*="api-ms-win-core-fibers-l1-1-1") returned 1 [0264.038] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0264.038] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.039] GetLastError () returned 0x0 [0264.039] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.039] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.039] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f564, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.039] SetLastError (dwErrCode=0x0) [0264.040] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0264.040] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0264.041] SysReAllocStringLen (in: pbstr=0x73f64c*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73f64c*="api-ms-win-core-synch-l1-2-0") returned 1 [0264.041] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0264.041] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.041] GetLastError () returned 0x0 [0264.041] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.042] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.042] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f530, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.042] SetLastError (dwErrCode=0x0) [0264.042] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0264.042] SysReAllocStringLen (in: pbstr=0x73f65c*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73f65c*="api-ms-win-core-fibers-l1-1-1") returned 1 [0264.042] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0264.042] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.043] GetLastError () returned 0x0 [0264.043] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.043] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.043] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f540, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.043] SetLastError (dwErrCode=0x0) [0264.043] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0264.043] GetProcAddress (hModule=0x77580000, lpProcName="FlsGetValue") returned 0x77691270 [0264.044] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0264.045] SysReAllocStringLen (in: pbstr=0x73ebec*=0x0, psz="api-ms-win-core-localization-l1-2-1", len=0x23 | out: pbstr=0x73ebec*="api-ms-win-core-localization-l1-2-1") returned 1 [0264.045] CharLowerBuffW (in: lpsz="api-ms-win-core-localization-l1-2-1", cchLength=0x23 | out: lpsz="api-ms-win-core-localization-l1-2-1") returned 0x23 [0264.045] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.045] GetLastError () returned 0x0 [0264.045] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.045] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.045] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73ead0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.046] SetLastError (dwErrCode=0x0) [0264.046] GetProcAddress (hModule=0x77580000, lpProcName="LCMapStringEx") returned 0x7768ab10 [0264.048] SysReAllocStringLen (in: pbstr=0x73f734*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73f734*="api-ms-win-core-synch-l1-2-0") returned 1 [0264.048] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0264.048] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.048] GetLastError () returned 0x0 [0264.048] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.048] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.048] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f618, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.049] SetLastError (dwErrCode=0x0) [0264.049] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0264.049] SysReAllocStringLen (in: pbstr=0x73f744*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73f744*="api-ms-win-core-fibers-l1-1-1") returned 1 [0264.049] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0264.049] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.049] GetLastError () returned 0x0 [0264.049] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.050] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.050] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73f628, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.050] SetLastError (dwErrCode=0x0) [0264.050] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0264.050] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0264.052] SysReAllocStringLen (in: pbstr=0x73f72c*=0x0, psz="api-ms-win-core-synch-l1-2-0.dll", len=0x20 | out: pbstr=0x73f72c*="api-ms-win-core-synch-l1-2-0.dll") returned 1 [0264.052] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0.dll", cchLength=0x20 | out: lpsz="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0264.053] GetModuleHandleW (lpModuleName="api-ms-win-core-synch-l1-2-0.dll") returned 0x77580000 [0264.053] GetProcAddress (hModule=0x77580000, lpProcName="InitializeConditionVariable") returned 0x77da50b0 [0264.053] GetProcAddress (hModule=0x77580000, lpProcName="SleepConditionVariableCS") returned 0x777325e0 [0264.053] GetProcAddress (hModule=0x77580000, lpProcName="WakeAllConditionVariable") returned 0x77da9190 [0264.055] GetProcAddress (hModule=0x77580000, lpProcName="EventSetInformation") returned 0x77d902e0 [0264.056] FreeLibrary (hLibModule=0x77580000) returned 1 [0264.057] GetLastError () returned 0x0 [0264.057] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.057] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.057] GetModuleFileNameA (in: hModule=0x6f850000, lpFilename=0x73fa74, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0264.081] GetCurrentProcess () returned 0xffffffff [0264.082] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6014, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.082] GetCurrentProcess () returned 0xffffffff [0264.082] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6014, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.082] GetCurrentProcess () returned 0xffffffff [0264.082] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6034, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.083] GetCurrentProcess () returned 0xffffffff [0264.083] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6034, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.083] GetCurrentProcess () returned 0xffffffff [0264.083] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60d0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.083] GetCurrentProcess () returned 0xffffffff [0264.083] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60d0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.084] GetCurrentProcess () returned 0xffffffff [0264.084] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60dc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.084] GetCurrentProcess () returned 0xffffffff [0264.084] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60dc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.084] GetCurrentProcess () returned 0xffffffff [0264.084] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60e0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.085] GetCurrentProcess () returned 0xffffffff [0264.085] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa60e0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.085] GetCurrentProcess () returned 0xffffffff [0264.085] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa610c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.085] GetCurrentProcess () returned 0xffffffff [0264.086] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa610c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.086] GetCurrentProcess () returned 0xffffffff [0264.086] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6128, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.086] GetCurrentProcess () returned 0xffffffff [0264.086] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6128, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.086] GetCurrentProcess () returned 0xffffffff [0264.086] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61bc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.087] GetCurrentProcess () returned 0xffffffff [0264.087] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61bc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.087] GetCurrentProcess () returned 0xffffffff [0264.087] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61dc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.087] GetCurrentProcess () returned 0xffffffff [0264.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61dc, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.088] GetCurrentProcess () returned 0xffffffff [0264.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61ec, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.088] GetCurrentProcess () returned 0xffffffff [0264.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa61ec, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.088] GetCurrentProcess () returned 0xffffffff [0264.088] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6228, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.089] GetCurrentProcess () returned 0xffffffff [0264.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6228, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.089] GetCurrentProcess () returned 0xffffffff [0264.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa622c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.089] GetCurrentProcess () returned 0xffffffff [0264.089] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa622c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.090] GetCurrentProcess () returned 0xffffffff [0264.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6248, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.090] GetCurrentProcess () returned 0xffffffff [0264.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6248, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.090] GetCurrentProcess () returned 0xffffffff [0264.090] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6260, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.091] GetCurrentProcess () returned 0xffffffff [0264.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6260, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.091] GetCurrentProcess () returned 0xffffffff [0264.091] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62c8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.091] GetCurrentProcess () returned 0xffffffff [0264.092] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62c8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.092] GetCurrentProcess () returned 0xffffffff [0264.092] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62d0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.092] GetCurrentProcess () returned 0xffffffff [0264.092] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62d0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.093] GetCurrentProcess () returned 0xffffffff [0264.093] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62d8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.093] GetCurrentProcess () returned 0xffffffff [0264.093] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62d8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.093] GetCurrentProcess () returned 0xffffffff [0264.093] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62ec, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.094] GetCurrentProcess () returned 0xffffffff [0264.094] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62ec, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.094] GetCurrentProcess () returned 0xffffffff [0264.094] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62f0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.095] GetCurrentProcess () returned 0xffffffff [0264.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62f0, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.095] GetCurrentProcess () returned 0xffffffff [0264.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62f8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.095] GetCurrentProcess () returned 0xffffffff [0264.095] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa62f8, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.095] GetCurrentProcess () returned 0xffffffff [0264.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6318, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.096] GetCurrentProcess () returned 0xffffffff [0264.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6318, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.096] GetCurrentProcess () returned 0xffffffff [0264.096] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6378, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.097] GetCurrentProcess () returned 0xffffffff [0264.097] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa6378, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.098] GetCurrentProcess () returned 0xffffffff [0264.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa637c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x4, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x2) returned 0x0 [0264.098] GetCurrentProcess () returned 0xffffffff [0264.098] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73fb78*=0x6ffa637c, NumberOfBytesToProtect=0x73fb7c, NewAccessProtection=0x2, OldAccessProtection=0x73fbb0 | out: BaseAddress=0x73fb78*=0x6ffa6000, NumberOfBytesToProtect=0x73fb7c, OldAccessProtection=0x73fbb0*=0x4) returned 0x0 [0264.099] SetLastError (dwErrCode=0x0) [0264.099] GetProcAddress (hModule=0x6f850000, lpProcName="SetRuntimeInfo") returned 0x6f9b8560 [0264.100] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="USER32.dll", cbMultiByte=10, lpWideCharStr=0x73e9c0, cchWideChar=2047 | out: lpWideCharStr="USER32.dll睨") returned 10 [0264.100] SysReAllocStringLen (in: pbstr=0x73f9c4*=0x0, psz="USER32.dll", len=0xa | out: pbstr=0x73f9c4*="USER32.dll") returned 1 [0264.100] CharLowerBuffW (in: lpsz="USER32.dll", cchLength=0xa | out: lpsz="user32.dll") returned 0xa [0264.100] LoadLibraryExA (lpLibFileName="USER32.dll", hFile=0x0, dwFlags=0x800) returned 0x769d0000 [0264.100] GetLastError () returned 0x0 [0264.100] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.100] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.100] GetModuleFileNameA (in: hModule=0x769d0000, lpFilename=0x73f8ac, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0264.101] GetCurrentProcess () returned 0xffffffff [0264.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f9b0*=0x76a723d4, NumberOfBytesToProtect=0x73f9b4, NewAccessProtection=0x4, OldAccessProtection=0x73f9e8 | out: BaseAddress=0x73f9b0*=0x76a72000, NumberOfBytesToProtect=0x73f9b4, OldAccessProtection=0x73f9e8*=0x2) returned 0x0 [0264.101] GetCurrentProcess () returned 0xffffffff [0264.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f9b0*=0x76a723d4, NumberOfBytesToProtect=0x73f9b4, NewAccessProtection=0x2, OldAccessProtection=0x73f9e8 | out: BaseAddress=0x73f9b0*=0x76a72000, NumberOfBytesToProtect=0x73f9b4, OldAccessProtection=0x73f9e8*=0x4) returned 0x0 [0264.101] GetCurrentProcess () returned 0xffffffff [0264.101] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f9b0*=0x76a723d8, NumberOfBytesToProtect=0x73f9b4, NewAccessProtection=0x4, OldAccessProtection=0x73f9e8 | out: BaseAddress=0x73f9b0*=0x76a72000, NumberOfBytesToProtect=0x73f9b4, OldAccessProtection=0x73f9e8*=0x2) returned 0x0 [0264.102] GetCurrentProcess () returned 0xffffffff [0264.102] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f9b0*=0x76a723d8, NumberOfBytesToProtect=0x73f9b4, NewAccessProtection=0x2, OldAccessProtection=0x73f9e8 | out: BaseAddress=0x73f9b0*=0x76a72000, NumberOfBytesToProtect=0x73f9b4, OldAccessProtection=0x73f9e8*=0x4) returned 0x0 [0264.102] SetLastError (dwErrCode=0x0) [0264.102] GetProcAddress (hModule=0x769d0000, lpProcName="GetProcessWindowStation") returned 0x76a0e5f0 [0264.103] GetProcAddress (hModule=0x769d0000, lpProcName="GetUserObjectInformationW") returned 0x76a0e6e0 [0264.104] GetProcAddress (hModule=0x6f850000, lpProcName="_CorExeMain") returned 0x6f9c17c0 [0264.109] SysReAllocStringLen (in: pbstr=0x73fbb8*=0x0, psz="api-ms-win-core-quirks-l1-1-0.dll", len=0x21 | out: pbstr=0x73fbb8*="api-ms-win-core-quirks-l1-1-0.dll") returned 1 [0264.109] CharLowerBuffW (in: lpsz="api-ms-win-core-quirks-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-quirks-l1-1-0.dll") returned 0x21 [0264.110] LoadLibraryExW (lpLibFileName="api-ms-win-core-quirks-l1-1-0.dll", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0264.110] GetLastError () returned 0x0 [0264.110] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.110] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.110] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73fa9c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0264.110] SetLastError (dwErrCode=0x0) [0264.111] GetProcAddress (hModule=0x77580000, lpProcName="QuirkIsEnabled3") returned 0x77677c10 [0264.111] GetProcAddress (hModule=0x77580000, lpProcName="QuirkGetData2") returned 0x776db560 [0264.112] SysReAllocStringLen (in: pbstr=0x73f770*=0x0, psz="api-ms-win-appmodel-runtime-l1-1-2.dll", len=0x26 | out: pbstr=0x73f770*="api-ms-win-appmodel-runtime-l1-1-2.dll") returned 1 [0264.112] CharLowerBuffW (in: lpsz="api-ms-win-appmodel-runtime-l1-1-2.dll", cchLength=0x26 | out: lpsz="api-ms-win-appmodel-runtime-l1-1-2.dll") returned 0x26 [0264.112] LoadLibraryExW (lpLibFileName="api-ms-win-appmodel-runtime-l1-1-2.dll", hFile=0x0, dwFlags=0x800) returned 0x758f0000 [0264.113] GetLastError () returned 0x0 [0264.114] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.114] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.114] GetModuleFileNameA (in: hModule=0x758f0000, lpFilename=0x73f654, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0264.114] GetCurrentProcess () returned 0xffffffff [0264.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f758*=0x758f93f4, NumberOfBytesToProtect=0x73f75c, NewAccessProtection=0x4, OldAccessProtection=0x73f790 | out: BaseAddress=0x73f758*=0x758f9000, NumberOfBytesToProtect=0x73f75c, OldAccessProtection=0x73f790*=0x2) returned 0x0 [0264.114] GetCurrentProcess () returned 0xffffffff [0264.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f758*=0x758f93f4, NumberOfBytesToProtect=0x73f75c, NewAccessProtection=0x2, OldAccessProtection=0x73f790 | out: BaseAddress=0x73f758*=0x758f9000, NumberOfBytesToProtect=0x73f75c, OldAccessProtection=0x73f790*=0x4) returned 0x0 [0264.115] GetCurrentProcess () returned 0xffffffff [0264.115] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f758*=0x758f9400, NumberOfBytesToProtect=0x73f75c, NewAccessProtection=0x4, OldAccessProtection=0x73f790 | out: BaseAddress=0x73f758*=0x758f9000, NumberOfBytesToProtect=0x73f75c, OldAccessProtection=0x73f790*=0x2) returned 0x0 [0264.115] GetCurrentProcess () returned 0xffffffff [0264.115] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f758*=0x758f9400, NumberOfBytesToProtect=0x73f75c, NewAccessProtection=0x2, OldAccessProtection=0x73f790 | out: BaseAddress=0x73f758*=0x758f9000, NumberOfBytesToProtect=0x73f75c, OldAccessProtection=0x73f790*=0x4) returned 0x0 [0264.116] SetLastError (dwErrCode=0x0) [0264.116] GetProcAddress (hModule=0x758f0000, lpProcName="AppPolicyGetClrCompat") returned 0x758f3a50 [0264.116] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackageId") returned 0x758f3dd0 [0264.116] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackageInfo") returned 0x758f3e00 [0264.117] GetProcAddress (hModule=0x758f0000, lpProcName="GetCurrentPackagePath") returned 0x758f3e20 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] ResetEvent (hEvent=0x1f4) returned 1 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] ResetEvent (hEvent=0x1f4) returned 1 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] GetCurrentThreadId () returned 0xfe0 [0264.117] SetEvent (hEvent=0x1f8) returned 1 [0264.117] SetEvent (hEvent=0x1f4) returned 1 [0264.117] CloseHandle (hObject=0x29c) returned 1 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] ResetEvent (hEvent=0x1f4) returned 1 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] ResetEvent (hEvent=0x1f4) returned 1 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] GetCurrentThreadId () returned 0xfe0 [0264.118] SetEvent (hEvent=0x1f8) returned 1 [0264.118] SetEvent (hEvent=0x1f4) returned 1 [0264.118] CloseHandle (hObject=0x298) returned 1 [0264.118] SysReAllocStringLen (in: pbstr=0x73f680*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x73f680*="KERNEL32.DLL") returned 1 [0264.118] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.119] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0264.121] GetProcAddress (hModule=0x75ce0000, lpProcName="AcquireSRWLockExclusive") returned 0x77d8a150 [0264.124] GetProcAddress (hModule=0x75ce0000, lpProcName="ReleaseSRWLockExclusive") returned 0x77d8a2f0 [0264.125] SysReAllocStringLen (in: pbstr=0x73f1ac*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x73f1ac*="mscoree.dll") returned 1 [0264.125] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0264.125] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoree.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0264.126] GetLastError () returned 0x7e [0264.126] SetLastError (dwErrCode=0x7e) [0264.126] SysReAllocStringLen (in: pbstr=0x73f244*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73f244*="kernel32.dll") returned 1 [0264.126] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.126] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.186] GetProcAddress (hModule=0x75ce0000, lpProcName="AddDllDirectory") returned 0x7772d7c0 [0264.188] SysReAllocStringLen (in: pbstr=0x73f1ac*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x73f1ac*="mscoree.dll") returned 1 [0264.188] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0264.188] LoadLibraryExW (lpLibFileName="mscoree.dll", hFile=0x0, dwFlags=0x800) returned 0x700a0000 [0264.188] GetLastError () returned 0x0 [0264.188] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.188] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.188] GetModuleFileNameA (in: hModule=0x700a0000, lpFilename=0x73f090, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0264.188] GetCurrentProcess () returned 0xffffffff [0264.188] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb010, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.189] GetCurrentProcess () returned 0xffffffff [0264.189] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb010, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.189] GetCurrentProcess () returned 0xffffffff [0264.189] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb018, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.189] GetCurrentProcess () returned 0xffffffff [0264.189] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb018, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.190] GetCurrentProcess () returned 0xffffffff [0264.190] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb03c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.190] GetCurrentProcess () returned 0xffffffff [0264.190] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb03c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.190] GetCurrentProcess () returned 0xffffffff [0264.190] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb054, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.191] GetCurrentProcess () returned 0xffffffff [0264.191] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb054, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.191] GetCurrentProcess () returned 0xffffffff [0264.191] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb06c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.191] GetCurrentProcess () returned 0xffffffff [0264.191] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb06c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.192] GetCurrentProcess () returned 0xffffffff [0264.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb090, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.192] GetCurrentProcess () returned 0xffffffff [0264.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb090, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.192] GetCurrentProcess () returned 0xffffffff [0264.192] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb13c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.193] GetCurrentProcess () returned 0xffffffff [0264.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb13c, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.193] GetCurrentProcess () returned 0xffffffff [0264.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb154, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.193] GetCurrentProcess () returned 0xffffffff [0264.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb154, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.193] GetCurrentProcess () returned 0xffffffff [0264.193] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb1a0, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x4, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x2) returned 0x0 [0264.194] GetCurrentProcess () returned 0xffffffff [0264.194] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f194*=0x700eb1a0, NumberOfBytesToProtect=0x73f198, NewAccessProtection=0x2, OldAccessProtection=0x73f1cc | out: BaseAddress=0x73f194*=0x700eb000, NumberOfBytesToProtect=0x73f198, OldAccessProtection=0x73f1cc*=0x4) returned 0x0 [0264.194] SetLastError (dwErrCode=0x0) [0264.194] GetProcAddress (hModule=0x700a0000, lpProcName="CreateConfigStream") returned 0x700b1af0 [0264.195] GetProcAddress (hModule=0x70000000, lpProcName="CreateConfigStream_RetAddr") returned 0x0 [0264.195] GetProcAddress (hModule=0x70000000, lpProcName="CreateConfigStream") returned 0x700096a0 [0264.195] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0264.196] GetLastError () returned 0x2 [0264.196] SysReAllocStringLen (in: pbstr=0x73f688*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0264.196] GetThreadLocale () returned 0x409 [0264.196] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0264.196] GetThreadLocale () returned 0x409 [0264.196] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0264.196] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x104, lpBuffer=0x73f40c, lpFilePart=0x73f408 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x73f408*="gesf.exe.config") returned 0x3c [0264.196] SysReAllocStringLen (in: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0264.196] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x104, lpBuffer=0x73f154, lpFilePart=0x73f150 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x73f150*="gesf.exe.config") returned 0x3c [0264.196] SysReAllocStringLen (in: pbstr=0x73f394*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f394*="C:") returned 1 [0264.196] SysReAllocStringLen (in: pbstr=0x73f350*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f350*="C:\\") returned 1 [0264.196] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.196] SysReAllocStringLen (in: pbstr=0x73f34c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f34c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0264.197] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0264.197] SetLastError (dwErrCode=0x0) [0264.197] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0264.197] GetLastError () returned 0x0 [0264.197] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f3b8 | out: lpFindFileData=0x73f3b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9204b8, ftLastAccessTime.dwLowDateTime=0x3, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x180014, ftLastWriteTime.dwHighDateTime=0x92aee8, nFileSizeHigh=0x92b0a8, nFileSizeLow=0x9204a8, dwReserved0=0x900000, dwReserved1=0x73f404, cFileName="s蚆矘\n", cAlternateFileName="놼\x92x")) returned 0xffffffff [0264.197] GetLastError () returned 0x2 [0264.197] SysReAllocStringLen (in: pbstr=0x73f38c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73f38c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0264.197] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0264.197] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73ee9c, lpFilePart=0x73ee98 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73ee98*="RarSFX1") returned 0x2c [0264.199] SysReAllocStringLen (in: pbstr=0x73f0dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f0dc*="C:") returned 1 [0264.199] SysReAllocStringLen (in: pbstr=0x73f098*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f098*="C:\\") returned 1 [0264.199] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.199] SysReAllocStringLen (in: pbstr=0x73f094*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f094*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0264.199] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0264.199] SetLastError (dwErrCode=0x0) [0264.199] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0264.199] GetLastError () returned 0x0 [0264.199] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f100 | out: lpFindFileData=0x73f100*(dwFileAttributes=0x91e828, ftCreationTime.dwLowDateTime=0x900000, ftCreationTime.dwHighDateTime=0x77d8f6d5, ftLastAccessTime.dwLowDateTime=0x14, ftLastAccessTime.dwHighDateTime=0x73f144, ftLastWriteTime.dwLowDateTime=0x77d92f90, ftLastWriteTime.dwHighDateTime=0x1, nFileSizeHigh=0x91e828, nFileSizeLow=0x14, dwReserved0=0x14, dwReserved1=0x91e7b8, cFileName="", cAlternateFileName="嘄\x93X")) returned 0xffffffff [0264.199] GetLastError () returned 0x2 [0264.199] SysReAllocStringLen (in: pbstr=0x73f0d4*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f0d4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0264.200] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0264.200] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73ebe4, lpFilePart=0x73ebe0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73ebe0*="Temp") returned 0x24 [0264.200] SysReAllocStringLen (in: pbstr=0x73ee24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ee24*="C:") returned 1 [0264.200] SysReAllocStringLen (in: pbstr=0x73ede0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ede0*="C:\\") returned 1 [0264.200] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.200] SysReAllocStringLen (in: pbstr=0x73eddc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73eddc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0264.200] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0264.200] SetLastError (dwErrCode=0x0) [0264.200] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0264.200] GetLastError () returned 0x0 [0264.200] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73ee48 | out: lpFindFileData=0x73ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x3b0c68, ftCreationTime.dwHighDateTime=0x3b0c60, ftLastAccessTime.dwLowDateTime=0x7, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0xa0000, ftLastWriteTime.dwHighDateTime=0x926900, nFileSizeHigh=0x926b90, nFileSizeLow=0x920408, dwReserved0=0x900000, dwReserved1=0x73ee94, cFileName="s蚆矘\n", cAlternateFileName="샼\x93H")) returned 0xffffffff [0264.200] GetLastError () returned 0x2 [0264.201] SysReAllocStringLen (in: pbstr=0x73ee1c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73ee1c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0264.201] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0264.201] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e92c, lpFilePart=0x73e928 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e928*="Local") returned 0x1f [0264.201] SysReAllocStringLen (in: pbstr=0x73eb6c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73eb6c*="C:") returned 1 [0264.201] SysReAllocStringLen (in: pbstr=0x73eb28*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eb28*="C:\\") returned 1 [0264.201] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.201] SysReAllocStringLen (in: pbstr=0x73eb24*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73eb24*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0264.201] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0264.201] SetLastError (dwErrCode=0x0) [0264.201] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0264.201] GetLastError () returned 0x0 [0264.201] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73eb90 | out: lpFindFileData=0x73eb90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9206c0, ftLastAccessTime.dwLowDateTime=0x2d, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x230028, ftLastWriteTime.dwHighDateTime=0x93b258, nFileSizeHigh=0x93c200, nFileSizeLow=0x9206b0, dwReserved0=0x900000, dwReserved1=0x73ebdc, cFileName="s蚆矘\n", cAlternateFileName="븼\x93>")) returned 0xffffffff [0264.201] GetLastError () returned 0x2 [0264.201] SysReAllocStringLen (in: pbstr=0x73eb64*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73eb64*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0264.202] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0264.202] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e674, lpFilePart=0x73e670 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e670*="AppData") returned 0x19 [0264.202] SysReAllocStringLen (in: pbstr=0x73e8b4*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e8b4*="C:") returned 1 [0264.202] SysReAllocStringLen (in: pbstr=0x73e870*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e870*="C:\\") returned 1 [0264.202] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.202] SysReAllocStringLen (in: pbstr=0x73e86c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e86c*="C:\\Users\\OQXZRA~1\\") returned 1 [0264.202] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0264.202] SetLastError (dwErrCode=0x0) [0264.202] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0264.202] GetLastError () returned 0x0 [0264.202] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e8d8 | out: lpFindFileData=0x73e8d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x35, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x1c0011, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x925800, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73e924, cFileName="s蚆矘\n", cAlternateFileName="亼\x922")) returned 0xffffffff [0264.202] GetLastError () returned 0x2 [0264.202] SysReAllocStringLen (in: pbstr=0x73e8ac*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e8ac*="C:\\Users\\OQXZRA~1\\") returned 1 [0264.203] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73eb30*="C:\\Users\\OQXZRA~1") returned 1 [0264.203] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e3bc, lpFilePart=0x73e3b8 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e3b8*="OQXZRA~1") returned 0x11 [0264.203] SysReAllocStringLen (in: pbstr=0x73e5fc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e5fc*="C:") returned 1 [0264.203] SysReAllocStringLen (in: pbstr=0x73e5b8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e5b8*="C:\\") returned 1 [0264.203] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.203] SysReAllocStringLen (in: pbstr=0x73e5b4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e5b4*="C:\\Users\\") returned 1 [0264.203] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0264.203] SetLastError (dwErrCode=0x0) [0264.203] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0264.203] GetLastError () returned 0x0 [0264.203] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e620 | out: lpFindFileData=0x73e620*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x1f, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x350012, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x9251d0, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73e66c, cFileName="s蚆矘\n", cAlternateFileName="殬\x93\"")) returned 0xffffffff [0264.203] GetLastError () returned 0x2 [0264.203] SysReAllocStringLen (in: pbstr=0x73e5f4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e5f4*="C:\\Users\\") returned 1 [0264.203] SysReAllocStringLen (in: pbstr=0x73e878*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e878*="C:\\Users") returned 1 [0264.204] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73e104, lpFilePart=0x73e100 | out: lpBuffer="C:\\Users", lpFilePart=0x73e100*="Users") returned 0x8 [0264.204] SysReAllocStringLen (in: pbstr=0x73e344*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e344*="C:") returned 1 [0264.204] SysReAllocStringLen (in: pbstr=0x73e300*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e300*="C:\\") returned 1 [0264.204] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.204] SysReAllocStringLen (in: pbstr=0x73e2fc*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e2fc*="C:\\") returned 1 [0264.204] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.204] SetLastError (dwErrCode=0x0) [0264.204] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0264.204] GetLastError () returned 0x0 [0264.204] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e368 | out: lpFindFileData=0x73e368*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e3b4, cFileName="Users", cAlternateFileName="")) returned 0x91deb0 [0264.204] FileTimeToLocalFileTime (in: lpFileTime=0x73e37c, lpLocalFileTime=0x73e2ec | out: lpLocalFileTime=0x73e2ec) returned 1 [0264.204] FileTimeToDosDateTime (in: lpFileTime=0x73e2ec, lpFatDate=0x73e34a, lpFatTime=0x73e348 | out: lpFatDate=0x73e34a, lpFatTime=0x73e348) returned 1 [0264.205] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.205] SysReAllocStringLen (in: pbstr=0x73e878*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e878*="C:\\Users") returned 1 [0264.205] SysReAllocStringLen (in: pbstr=0x73e5ec*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e5ec*="C:\\Users") returned 1 [0264.205] SysReAllocStringLen (in: pbstr=0x73e878*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e878*="C:\\Users\\") returned 1 [0264.205] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e620 | out: lpFindFileData=0x73e620*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e66c, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91d970 [0264.205] FileTimeToLocalFileTime (in: lpFileTime=0x73e634, lpLocalFileTime=0x73e5a4 | out: lpLocalFileTime=0x73e5a4) returned 1 [0264.205] FileTimeToDosDateTime (in: lpFileTime=0x73e5a4, lpFatDate=0x73e602, lpFatTime=0x73e600 | out: lpFatDate=0x73e602, lpFatTime=0x73e600) returned 1 [0264.205] FindClose (in: hFindFile=0x91d970 | out: hFindFile=0x91d970) returned 1 [0264.206] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73eb30*="C:\\Users\\OqXZRaykm") returned 1 [0264.206] SysReAllocStringLen (in: pbstr=0x73e8a4*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e8a4*="C:\\Users\\OqXZRaykm") returned 1 [0264.206] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73eb30*="C:\\Users\\OqXZRaykm\\") returned 1 [0264.206] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e8d8 | out: lpFindFileData=0x73e8d8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e924, cFileName="AppData", cAlternateFileName="")) returned 0x91deb0 [0264.206] FileTimeToLocalFileTime (in: lpFileTime=0x73e8ec, lpLocalFileTime=0x73e85c | out: lpLocalFileTime=0x73e85c) returned 1 [0264.206] FileTimeToDosDateTime (in: lpFileTime=0x73e85c, lpFatDate=0x73e8ba, lpFatTime=0x73e8b8 | out: lpFatDate=0x73e8ba, lpFatTime=0x73e8b8) returned 1 [0264.206] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.206] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0264.207] SysReAllocStringLen (in: pbstr=0x73eb5c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73eb5c*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0264.207] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0264.207] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73eb90 | out: lpFindFileData=0x73eb90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ebdc, cFileName="Local", cAlternateFileName="")) returned 0x91deb0 [0264.207] FileTimeToLocalFileTime (in: lpFileTime=0x73eba4, lpLocalFileTime=0x73eb14 | out: lpLocalFileTime=0x73eb14) returned 1 [0264.207] FileTimeToDosDateTime (in: lpFileTime=0x73eb14, lpFatDate=0x73eb72, lpFatTime=0x73eb70 | out: lpFatDate=0x73eb72, lpFatTime=0x73eb70) returned 1 [0264.207] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.207] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0264.207] SysReAllocStringLen (in: pbstr=0x73ee14*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73ee14*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0264.207] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0264.208] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73ee48 | out: lpFindFileData=0x73ee48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ee94, cFileName="Temp", cAlternateFileName="")) returned 0x91deb0 [0264.208] FileTimeToLocalFileTime (in: lpFileTime=0x73ee5c, lpLocalFileTime=0x73edcc | out: lpLocalFileTime=0x73edcc) returned 1 [0264.208] FileTimeToDosDateTime (in: lpFileTime=0x73edcc, lpFatDate=0x73ee2a, lpFatTime=0x73ee28 | out: lpFatDate=0x73ee2a, lpFatTime=0x73ee28) returned 1 [0264.208] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.208] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0264.208] SysReAllocStringLen (in: pbstr=0x73f0cc*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f0cc*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0264.208] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0264.208] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f100 | out: lpFindFileData=0x73f100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x14, dwReserved1=0x91e7b8, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91deb0 [0264.209] FileTimeToLocalFileTime (in: lpFileTime=0x73f114, lpLocalFileTime=0x73f084 | out: lpLocalFileTime=0x73f084) returned 1 [0264.209] FileTimeToDosDateTime (in: lpFileTime=0x73f084, lpFatDate=0x73f0e2, lpFatTime=0x73f0e0 | out: lpFatDate=0x73f0e2, lpFatTime=0x73f0e0) returned 1 [0264.209] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.209] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0264.209] SysReAllocStringLen (in: pbstr=0x73f384*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f384*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0264.209] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0264.209] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), lpFindFileData=0x73f3b8 | out: lpFindFileData=0x73f3b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9204b8, ftLastAccessTime.dwLowDateTime=0x3, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x180014, ftLastWriteTime.dwHighDateTime=0x92aee8, nFileSizeHigh=0x92b0a8, nFileSizeLow=0x9204a8, dwReserved0=0x900000, dwReserved1=0x73f404, cFileName="s蚆矘\n", cAlternateFileName="놼\x92x")) returned 0xffffffff [0264.209] GetLastError () returned 0x2 [0264.210] SysReAllocStringLen (in: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3c | out: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0264.210] GetFileAttributesW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1")) returned 0x10 [0264.210] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73f154, lpFilePart=0x73f150 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73f150*="RarSFX1") returned 0x2c [0264.210] SysReAllocStringLen (in: pbstr=0x73f394*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f394*="C:") returned 1 [0264.210] SysReAllocStringLen (in: pbstr=0x73f350*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f350*="C:\\") returned 1 [0264.210] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.210] SysReAllocStringLen (in: pbstr=0x73f34c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f34c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0264.210] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0264.210] SetLastError (dwErrCode=0x0) [0264.210] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0264.211] GetLastError () returned 0x0 [0264.211] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f3b8 | out: lpFindFileData=0x73f3b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0264.211] GetLastError () returned 0x2 [0264.211] SysReAllocStringLen (in: pbstr=0x73f38c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73f38c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0264.211] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0264.211] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73ee9c, lpFilePart=0x73ee98 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73ee98*="Temp") returned 0x24 [0264.211] SysReAllocStringLen (in: pbstr=0x73f0dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73f0dc*="C:") returned 1 [0264.211] SysReAllocStringLen (in: pbstr=0x73f098*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73f098*="C:\\") returned 1 [0264.211] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.211] SysReAllocStringLen (in: pbstr=0x73f094*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f094*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0264.211] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0264.211] SetLastError (dwErrCode=0x0) [0264.211] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0264.212] GetLastError () returned 0x0 [0264.212] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73f100 | out: lpFindFileData=0x73f100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9205a8, ftLastAccessTime.dwLowDateTime=0xa, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x2000e, ftLastWriteTime.dwHighDateTime=0x935090, nFileSizeHigh=0x9354c8, nFileSizeLow=0x920598, dwReserved0=0x900000, dwReserved1=0x73f14c, cFileName="s蚆矘\n", cAlternateFileName="뉄\x92H")) returned 0xffffffff [0264.212] GetLastError () returned 0x2 [0264.212] SysReAllocStringLen (in: pbstr=0x73f0d4*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73f0d4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0264.212] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0264.212] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73ebe4, lpFilePart=0x73ebe0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73ebe0*="Local") returned 0x1f [0264.212] SysReAllocStringLen (in: pbstr=0x73ee24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ee24*="C:") returned 1 [0264.212] SysReAllocStringLen (in: pbstr=0x73ede0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ede0*="C:\\") returned 1 [0264.212] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.212] SysReAllocStringLen (in: pbstr=0x73eddc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73eddc*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0264.212] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0264.212] SetLastError (dwErrCode=0x0) [0264.212] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0264.212] GetLastError () returned 0x0 [0264.213] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73ee48 | out: lpFindFileData=0x73ee48*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x920670, ftLastAccessTime.dwLowDateTime=0xd, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0xd000e, ftLastWriteTime.dwHighDateTime=0x939588, nFileSizeHigh=0x939bc8, nFileSizeLow=0x920660, dwReserved0=0x900000, dwReserved1=0x73ee94, cFileName="s蚆矘\n", cAlternateFileName="뒜\x93>")) returned 0xffffffff [0264.213] GetLastError () returned 0x2 [0264.213] SysReAllocStringLen (in: pbstr=0x73ee1c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73ee1c*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0264.213] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0264.213] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e92c, lpFilePart=0x73e928 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e928*="AppData") returned 0x19 [0264.213] SysReAllocStringLen (in: pbstr=0x73eb6c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73eb6c*="C:") returned 1 [0264.214] SysReAllocStringLen (in: pbstr=0x73eb28*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eb28*="C:\\") returned 1 [0264.214] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.214] SysReAllocStringLen (in: pbstr=0x73eb24*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73eb24*="C:\\Users\\OQXZRA~1\\") returned 1 [0264.214] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0264.214] SetLastError (dwErrCode=0x0) [0264.214] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0264.214] GetLastError () returned 0x0 [0264.214] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73eb90 | out: lpFindFileData=0x73eb90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x19, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0xa0011, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x925020, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73ebdc, cFileName="s蚆矘\n", cAlternateFileName="䨼\x922")) returned 0xffffffff [0264.214] GetLastError () returned 0x2 [0264.214] SysReAllocStringLen (in: pbstr=0x73eb64*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73eb64*="C:\\Users\\OQXZRA~1\\") returned 1 [0264.215] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1") returned 1 [0264.215] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73e674, lpFilePart=0x73e670 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73e670*="OQXZRA~1") returned 0x11 [0264.215] SysReAllocStringLen (in: pbstr=0x73e8b4*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e8b4*="C:") returned 1 [0264.215] SysReAllocStringLen (in: pbstr=0x73e870*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e870*="C:\\") returned 1 [0264.215] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.215] SysReAllocStringLen (in: pbstr=0x73e86c*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e86c*="C:\\Users\\") returned 1 [0264.215] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0264.215] SetLastError (dwErrCode=0x0) [0264.215] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0264.215] GetLastError () returned 0x0 [0264.215] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e8d8 | out: lpFindFileData=0x73e8d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x14, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x190012, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x924eb8, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73e924, cFileName="s蚆矘\n", cAlternateFileName="䮤\x92\"")) returned 0xffffffff [0264.215] GetLastError () returned 0x2 [0264.215] SysReAllocStringLen (in: pbstr=0x73e8ac*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e8ac*="C:\\Users\\") returned 1 [0264.215] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73eb30*="C:\\Users") returned 1 [0264.216] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73e3bc, lpFilePart=0x73e3b8 | out: lpBuffer="C:\\Users", lpFilePart=0x73e3b8*="Users") returned 0x8 [0264.216] SysReAllocStringLen (in: pbstr=0x73e5fc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e5fc*="C:") returned 1 [0264.216] SysReAllocStringLen (in: pbstr=0x73e5b8*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e5b8*="C:\\") returned 1 [0264.216] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.216] SysReAllocStringLen (in: pbstr=0x73e5b4*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e5b4*="C:\\") returned 1 [0264.216] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0264.216] SetLastError (dwErrCode=0x0) [0264.216] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0264.216] GetLastError () returned 0x0 [0264.216] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73e620 | out: lpFindFileData=0x73e620*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e66c, cFileName="Users", cAlternateFileName="")) returned 0x91e030 [0264.216] FileTimeToLocalFileTime (in: lpFileTime=0x73e634, lpLocalFileTime=0x73e5a4 | out: lpLocalFileTime=0x73e5a4) returned 1 [0264.216] FileTimeToDosDateTime (in: lpFileTime=0x73e5a4, lpFatDate=0x73e602, lpFatTime=0x73e600 | out: lpFatDate=0x73e602, lpFatTime=0x73e600) returned 1 [0264.216] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0264.217] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73eb30*="C:\\Users") returned 1 [0264.217] SysReAllocStringLen (in: pbstr=0x73e8a4*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e8a4*="C:\\Users") returned 1 [0264.217] SysReAllocStringLen (in: pbstr=0x73eb30*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73eb30*="C:\\Users\\") returned 1 [0264.217] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e8d8 | out: lpFindFileData=0x73e8d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e924, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x91e030 [0264.217] FileTimeToLocalFileTime (in: lpFileTime=0x73e8ec, lpLocalFileTime=0x73e85c | out: lpLocalFileTime=0x73e85c) returned 1 [0264.217] FileTimeToDosDateTime (in: lpFileTime=0x73e85c, lpFatDate=0x73e8ba, lpFatTime=0x73e8b8 | out: lpFatDate=0x73e8ba, lpFatTime=0x73e8b8) returned 1 [0264.217] FindClose (in: hFindFile=0x91e030 | out: hFindFile=0x91e030) returned 1 [0264.218] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm") returned 1 [0264.218] SysReAllocStringLen (in: pbstr=0x73eb5c*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73eb5c*="C:\\Users\\OqXZRaykm") returned 1 [0264.218] SysReAllocStringLen (in: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73ede8*="C:\\Users\\OqXZRaykm\\") returned 1 [0264.218] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73eb90 | out: lpFindFileData=0x73eb90*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ebdc, cFileName="AppData", cAlternateFileName="")) returned 0x91deb0 [0264.218] FileTimeToLocalFileTime (in: lpFileTime=0x73eba4, lpLocalFileTime=0x73eb14 | out: lpLocalFileTime=0x73eb14) returned 1 [0264.218] FileTimeToDosDateTime (in: lpFileTime=0x73eb14, lpFatDate=0x73eb72, lpFatTime=0x73eb70 | out: lpFatDate=0x73eb72, lpFatTime=0x73eb70) returned 1 [0264.218] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.218] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0264.218] SysReAllocStringLen (in: pbstr=0x73ee14*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73ee14*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0264.219] SysReAllocStringLen (in: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73f0a0*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0264.219] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73ee48 | out: lpFindFileData=0x73ee48*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73ee94, cFileName="Local", cAlternateFileName="")) returned 0x91deb0 [0264.219] FileTimeToLocalFileTime (in: lpFileTime=0x73ee5c, lpLocalFileTime=0x73edcc | out: lpLocalFileTime=0x73edcc) returned 1 [0264.219] FileTimeToDosDateTime (in: lpFileTime=0x73edcc, lpFatDate=0x73ee2a, lpFatTime=0x73ee28 | out: lpFatDate=0x73ee2a, lpFatTime=0x73ee28) returned 1 [0264.219] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.219] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0264.219] SysReAllocStringLen (in: pbstr=0x73f0cc*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73f0cc*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0264.219] SysReAllocStringLen (in: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73f358*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0264.219] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73f100 | out: lpFindFileData=0x73f100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73f14c, cFileName="Temp", cAlternateFileName="")) returned 0x91deb0 [0264.220] FileTimeToLocalFileTime (in: lpFileTime=0x73f114, lpLocalFileTime=0x73f084 | out: lpLocalFileTime=0x73f084) returned 1 [0264.220] FileTimeToDosDateTime (in: lpFileTime=0x73f084, lpFatDate=0x73f0e2, lpFatTime=0x73f0e0 | out: lpFatDate=0x73f0e2, lpFatTime=0x73f0e0) returned 1 [0264.220] FindClose (in: hFindFile=0x91deb0 | out: hFindFile=0x91deb0) returned 1 [0264.220] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0264.220] SysReAllocStringLen (in: pbstr=0x73f384*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73f384*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0264.220] SysReAllocStringLen (in: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73f610*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0264.220] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73f3b8 | out: lpFindFileData=0x73f3b8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RarSFX1", cAlternateFileName="")) returned 0x91d970 [0264.220] FileTimeToLocalFileTime (in: lpFileTime=0x73f3cc, lpLocalFileTime=0x73f33c | out: lpLocalFileTime=0x73f33c) returned 1 [0264.220] FileTimeToDosDateTime (in: lpFileTime=0x73f33c, lpFatDate=0x73f39a, lpFatTime=0x73f398 | out: lpFatDate=0x73f39a, lpFatTime=0x73f398) returned 1 [0264.221] FindClose (in: hFindFile=0x91d970 | out: hFindFile=0x91d970) returned 1 [0264.221] SysReAllocStringLen (in: pbstr=0x73f654*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f654*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0264.222] SysReAllocStringLen (in: pbstr=0x73f688*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f688*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0264.222] SysReAllocStringLen (in: pbstr=0x73f638*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f638*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config") returned 1 [0264.222] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", cchLength=0x3d | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config") returned 0x3d [0264.222] SysReAllocStringLen (in: pbstr=0x73f688*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config", len=0x3d | out: pbstr=0x73f688*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config") returned 1 [0264.223] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x298 [0264.223] GetLastError () returned 0x0 [0264.223] SysReAllocStringLen (in: pbstr=0x73f6a8*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73f6a8*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0264.223] GetThreadLocale () returned 0x409 [0264.223] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0264.223] GetThreadLocale () returned 0x409 [0264.223] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0264.223] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x73f42c, lpFilePart=0x73f428 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x73f428*="machine.config") returned 0x43 [0264.224] SysReAllocStringLen (in: pbstr=0x73f6a8*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73f6a8*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0264.224] SysReAllocStringLen (in: pbstr=0x73f658*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73f658*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0264.224] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0264.224] SysReAllocStringLen (in: pbstr=0x73f6a8*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73f6a8*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0264.224] SetLastError (dwErrCode=0x0) [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] GetCurrentThreadId () returned 0xfe0 [0264.225] SetEvent (hEvent=0x1f8) returned 1 [0264.225] ReadFile (in: hFile=0x298, lpBuffer=0x93e268, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x73f6b0, lpOverlapped=0x0 | out: lpBuffer=0x93e268*, lpNumberOfBytesRead=0x73f6b0*=0xfff, lpOverlapped=0x0) returned 1 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] GetCurrentThreadId () returned 0xfe0 [0264.228] SetEvent (hEvent=0x1f8) returned 1 [0264.228] ReadFile (in: hFile=0x298, lpBuffer=0x9435f0, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x73f698, lpOverlapped=0x0 | out: lpBuffer=0x9435f0*, lpNumberOfBytesRead=0x73f698*=0x17f7, lpOverlapped=0x0) returned 1 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] GetCurrentThreadId () returned 0xfe0 [0264.369] SetEvent (hEvent=0x1f8) returned 1 [0264.369] ReadFile (in: hFile=0x298, lpBuffer=0x9435f0, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x73f6a8, lpOverlapped=0x0 | out: lpBuffer=0x9435f0*, lpNumberOfBytesRead=0x73f6a8*=0x1001, lpOverlapped=0x0) returned 1 [0264.370] GetCurrentThreadId () returned 0xfe0 [0264.370] GetCurrentThreadId () returned 0xfe0 [0264.370] GetCurrentThreadId () returned 0xfe0 [0264.370] GetCurrentThreadId () returned 0xfe0 [0264.370] GetCurrentThreadId () returned 0xfe0 [0264.371] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.371] GetCurrentThreadId () returned 0xfe0 [0264.371] GetCurrentThreadId () returned 0xfe0 [0264.371] GetCurrentThreadId () returned 0xfe0 [0264.371] SetEvent (hEvent=0x1f8) returned 1 [0264.371] ReadFile (in: hFile=0x298, lpBuffer=0x9435f0, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x73f6a8, lpOverlapped=0x0 | out: lpBuffer=0x9435f0*, lpNumberOfBytesRead=0x73f6a8*=0x1002, lpOverlapped=0x0) returned 1 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] GetCurrentThreadId () returned 0xfe0 [0264.372] SetEvent (hEvent=0x1f8) returned 1 [0264.372] ReadFile (in: hFile=0x298, lpBuffer=0x93c260, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x73f69c, lpOverlapped=0x0 | out: lpBuffer=0x93c260*, lpNumberOfBytesRead=0x73f69c*=0x1f28, lpOverlapped=0x0) returned 1 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] ResetEvent (hEvent=0x1f4) returned 1 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] ResetEvent (hEvent=0x1f4) returned 1 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] GetCurrentThreadId () returned 0xfe0 [0264.374] SetEvent (hEvent=0x1f8) returned 1 [0264.374] SetEvent (hEvent=0x1f4) returned 1 [0264.374] CloseHandle (hObject=0x298) returned 1 [0264.375] SysReAllocStringLen (in: pbstr=0x73fc18*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73fc18*="kernel32") returned 1 [0264.375] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0264.375] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0264.378] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNumaHighestNodeNumber") returned 0x75cf9850 [0264.397] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="kernel32", cbMultiByte=8, lpWideCharStr=0x73ebfc, cchWideChar=2047 | out: lpWideCharStr="kernel32\峞砀㤀㄀㐀珬︀\矘d") returned 8 [0264.397] SysReAllocStringLen (in: pbstr=0x73fc00*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73fc00*="kernel32") returned 1 [0264.397] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0264.397] GetModuleHandleA (lpModuleName="kernel32") returned 0x75ce0000 [0264.400] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsSetValue") returned 0x75d01140 [0264.650] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsGetValue") returned 0x75cfe6d0 [0264.653] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsAlloc") returned 0x75d01d80 [0264.655] GetProcAddress (hModule=0x75ce0000, lpProcName="FlsFree") returned 0x75d01fb0 [0264.663] SysReAllocStringLen (in: pbstr=0x73f348*=0x0, psz="KERNEL32.DLL", len=0xc | out: pbstr=0x73f348*="KERNEL32.DLL") returned 1 [0264.664] CharLowerBuffW (in: lpsz="KERNEL32.DLL", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.664] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x75ce0000 [0264.666] GetProcAddress (hModule=0x75ce0000, lpProcName="GetSystemWindowsDirectoryW") returned 0x75cf9460 [0264.673] SysReAllocStringLen (in: pbstr=0x73f654*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x73f654*="advapi32") returned 1 [0264.673] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0264.673] GetModuleHandleW (lpModuleName="advapi32") returned 0x75ff0000 [0264.673] GetProcAddress (hModule=0x75ff0000, lpProcName="AllocateAndInitializeSid") returned 0x7600e580 [0264.674] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0264.674] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] ResetEvent (hEvent=0x1f4) returned 1 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] ResetEvent (hEvent=0x1f4) returned 1 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] SetEvent (hEvent=0x1f8) returned 1 [0264.674] SetEvent (hEvent=0x1f4) returned 1 [0264.674] CloseHandle (hObject=0x2b4) returned 1 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] ResetEvent (hEvent=0x1f4) returned 1 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.674] GetCurrentThreadId () returned 0xfe0 [0264.675] GetCurrentThreadId () returned 0xfe0 [0264.675] ResetEvent (hEvent=0x1f4) returned 1 [0264.675] GetCurrentThreadId () returned 0xfe0 [0264.675] GetCurrentThreadId () returned 0xfe0 [0264.675] SetEvent (hEvent=0x1f8) returned 1 [0264.675] SetEvent (hEvent=0x1f4) returned 1 [0264.675] CloseHandle (hObject=0x2b8) returned 1 [0264.675] GetProcAddress (hModule=0x75ff0000, lpProcName="InitializeAcl") returned 0x7600e7c0 [0264.675] GetProcAddress (hModule=0x75ff0000, lpProcName="AddAccessAllowedAce") returned 0x7600e660 [0264.675] GetProcAddress (hModule=0x75ff0000, lpProcName="FreeSid") returned 0x7600edc0 [0264.676] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x92cbd0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x390, lpName="Global\\Cor_Private_IPCBlock_v4_5160") returned 0x2b8 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] ResetEvent (hEvent=0x1f4) returned 1 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] ResetEvent (hEvent=0x1f4) returned 1 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.676] GetCurrentThreadId () returned 0xfe0 [0264.677] SetEvent (hEvent=0x1f8) returned 1 [0264.677] SetEvent (hEvent=0x1f4) returned 1 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] GetCurrentThreadId () returned 0xfe0 [0264.677] SetEvent (hEvent=0x1f8) returned 1 [0264.677] MapViewOfFile (hFileMappingObject=0x2b8, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x22d0000 [0264.678] SysReAllocStringLen (in: pbstr=0x73f654*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x73f654*="advapi32") returned 1 [0264.678] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0264.678] GetModuleHandleW (lpModuleName="advapi32") returned 0x75ff0000 [0264.678] GetProcAddress (hModule=0x75ff0000, lpProcName="AllocateAndInitializeSid") returned 0x7600e580 [0264.678] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0264.679] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] ResetEvent (hEvent=0x1f4) returned 1 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] ResetEvent (hEvent=0x1f4) returned 1 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] SetEvent (hEvent=0x1f8) returned 1 [0264.679] SetEvent (hEvent=0x1f4) returned 1 [0264.679] CloseHandle (hObject=0x2b4) returned 1 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] ResetEvent (hEvent=0x1f4) returned 1 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] ResetEvent (hEvent=0x1f4) returned 1 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] GetCurrentThreadId () returned 0xfe0 [0264.679] SetEvent (hEvent=0x1f8) returned 1 [0264.679] SetEvent (hEvent=0x1f4) returned 1 [0264.679] CloseHandle (hObject=0x2bc) returned 1 [0264.680] SysReAllocStringLen (in: pbstr=0x73f3bc*=0x0, psz="combase.dll", len=0xb | out: pbstr=0x73f3bc*="combase.dll") returned 1 [0264.680] CharLowerBuffW (in: lpsz="combase.dll", cchLength=0xb | out: lpsz="combase.dll") returned 0xb [0264.680] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\combase.dll", hFile=0x0, dwFlags=0x0) returned 0x777e0000 [0264.680] GetLastError () returned 0x0 [0264.680] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.681] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.681] GetModuleFileNameA (in: hModule=0x777e0000, lpFilename=0x73f2a0, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0264.681] GetCurrentProcess () returned 0xffffffff [0264.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f3a4*=0x77a223c8, NumberOfBytesToProtect=0x73f3a8, NewAccessProtection=0x4, OldAccessProtection=0x73f3dc | out: BaseAddress=0x73f3a4*=0x77a22000, NumberOfBytesToProtect=0x73f3a8, OldAccessProtection=0x73f3dc*=0x2) returned 0x0 [0264.681] GetCurrentProcess () returned 0xffffffff [0264.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f3a4*=0x77a223c8, NumberOfBytesToProtect=0x73f3a8, NewAccessProtection=0x2, OldAccessProtection=0x73f3dc | out: BaseAddress=0x73f3a4*=0x77a22000, NumberOfBytesToProtect=0x73f3a8, OldAccessProtection=0x73f3dc*=0x4) returned 0x0 [0264.681] GetCurrentProcess () returned 0xffffffff [0264.681] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f3a4*=0x77a223d4, NumberOfBytesToProtect=0x73f3a8, NewAccessProtection=0x4, OldAccessProtection=0x73f3dc | out: BaseAddress=0x73f3a4*=0x77a22000, NumberOfBytesToProtect=0x73f3a8, OldAccessProtection=0x73f3dc*=0x2) returned 0x0 [0264.682] GetCurrentProcess () returned 0xffffffff [0264.682] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f3a4*=0x77a223d4, NumberOfBytesToProtect=0x73f3a8, NewAccessProtection=0x2, OldAccessProtection=0x73f3dc | out: BaseAddress=0x73f3a4*=0x77a22000, NumberOfBytesToProtect=0x73f3a8, OldAccessProtection=0x73f3dc*=0x4) returned 0x0 [0264.735] SetLastError (dwErrCode=0x0) [0264.735] GetProcAddress (hModule=0x777e0000, lpProcName="RoInitialize") returned 0x778fca50 [0264.736] FreeLibrary (hLibModule=0x777e0000) returned 1 [0264.736] GetProcAddress (hModule=0x75ff0000, lpProcName="InitializeAcl") returned 0x7600e7c0 [0264.736] GetProcAddress (hModule=0x75ff0000, lpProcName="AddAccessAllowedAce") returned 0x7600e660 [0264.736] GetProcAddress (hModule=0x75ff0000, lpProcName="FreeSid") returned 0x7600edc0 [0264.737] SysReAllocStringLen (in: pbstr=0x73f628*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73f628*="kernel32.dll") returned 1 [0264.737] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.737] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.739] GetProcAddress (hModule=0x75ce0000, lpProcName="AddSIDToBoundaryDescriptor") returned 0x75cf9790 [0264.742] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateBoundaryDescriptorW") returned 0x75cf9670 [0264.744] GetProcAddress (hModule=0x75ce0000, lpProcName="CreatePrivateNamespaceW") returned 0x75cf9520 [0264.748] GetProcAddress (hModule=0x75ce0000, lpProcName="OpenPrivateNamespaceW") returned 0x75cf9930 [0264.749] SysReAllocStringLen (in: pbstr=0x73f55c*=0x0, psz="advapi32", len=0x8 | out: pbstr=0x73f55c*="advapi32") returned 1 [0264.749] CharLowerBuffW (in: lpsz="advapi32", cchLength=0x8 | out: lpsz="advapi32") returned 0x8 [0264.749] GetModuleHandleW (lpModuleName="advapi32") returned 0x75ff0000 [0264.749] GetProcAddress (hModule=0x75ff0000, lpProcName="AllocateAndInitializeSid") returned 0x7600e580 [0264.749] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0264.750] GetProcAddress (hModule=0x75ff0000, lpProcName="GetTokenInformation") returned 0x7600db80 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] ResetEvent (hEvent=0x1f4) returned 1 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] ResetEvent (hEvent=0x1f4) returned 1 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] SetEvent (hEvent=0x1f8) returned 1 [0264.750] SetEvent (hEvent=0x1f4) returned 1 [0264.750] CloseHandle (hObject=0x2bc) returned 1 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] ResetEvent (hEvent=0x1f4) returned 1 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] ResetEvent (hEvent=0x1f4) returned 1 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] GetCurrentThreadId () returned 0xfe0 [0264.750] SetEvent (hEvent=0x1f8) returned 1 [0264.750] SetEvent (hEvent=0x1f4) returned 1 [0264.750] CloseHandle (hObject=0x2b4) returned 1 [0264.751] GetProcAddress (hModule=0x75ff0000, lpProcName="InitializeAcl") returned 0x7600e7c0 [0264.751] GetProcAddress (hModule=0x75ff0000, lpProcName="AddAccessAllowedAce") returned 0x7600e660 [0264.751] GetProcAddress (hModule=0x75ff0000, lpProcName="FreeSid") returned 0x7600edc0 [0264.752] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x92cbe8, flProtect=0x8000004, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10000, lpName="Cor_CLR_WRITER\\Cor_SxSPublic_IPCBlock") returned 0x2bc [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] ResetEvent (hEvent=0x1f4) returned 1 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] ResetEvent (hEvent=0x1f4) returned 1 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.752] SetEvent (hEvent=0x1f8) returned 1 [0264.752] SetEvent (hEvent=0x1f4) returned 1 [0264.752] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] GetCurrentThreadId () returned 0xfe0 [0264.753] SetEvent (hEvent=0x1f8) returned 1 [0264.753] MapViewOfFile (hFileMappingObject=0x2bc, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2440000 [0264.754] SysReAllocStringLen (in: pbstr=0x73f734*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73f734*="kernel32.dll") returned 1 [0264.754] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.754] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.756] GetProcAddress (hModule=0x75ce0000, lpProcName="DeleteBoundaryDescriptor") returned 0x75cf9730 [0264.765] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\clr_v4.0_32\\usagelogs\\gesf.exe.log"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xffffffff [0264.765] GetLastError () returned 0x2 [0264.766] SysReAllocStringLen (in: pbstr=0x73fb5c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", len=0x4d | out: pbstr=0x73fb5c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log") returned 1 [0264.766] GetThreadLocale () returned 0x409 [0264.766] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0264.766] GetThreadLocale () returned 0x409 [0264.766] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0264.766] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", nBufferLength=0x104, lpBuffer=0x73f8e0, lpFilePart=0x73f8dc | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", lpFilePart=0x73f8dc*="gesf.exe.log") returned 0x4d [0264.766] SysReAllocStringLen (in: pbstr=0x73fb5c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", len=0x4d | out: pbstr=0x73fb5c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log") returned 1 [0264.766] SysReAllocStringLen (in: pbstr=0x73fb0c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", len=0x4d | out: pbstr=0x73fb0c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log") returned 1 [0264.766] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", cchLength=0x4d | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\clr_v4.0_32\\usagelogs\\gesf.exe.log") returned 0x4d [0264.766] SysReAllocStringLen (in: pbstr=0x73fb5c*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Microsoft\\CLR_v4.0_32\\UsageLogs\\gesf.exe.log", psz="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\clr_v4.0_32\\usagelogs\\gesf.exe.log", len=0x4d | out: pbstr=0x73fb5c*="c:\\users\\oqxzraykm\\appdata\\local\\microsoft\\clr_v4.0_32\\usagelogs\\gesf.exe.log") returned 1 [0264.766] SetLastError (dwErrCode=0x2) [0264.802] SysReAllocStringLen (in: pbstr=0x73f9d8*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73f9d8*="kernel32") returned 1 [0264.802] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0264.802] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0264.804] GetProcAddress (hModule=0x75ce0000, lpProcName="WerRegisterRuntimeExceptionModule") returned 0x75cf9770 [0264.809] SysReAllocStringLen (in: pbstr=0x73fb20*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73fb20*="kernel32.dll") returned 1 [0264.809] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0264.809] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0264.811] GetProcAddress (hModule=0x75ce0000, lpProcName="RaiseException") returned 0x75d00510 [0264.814] SysReAllocStringLen (in: pbstr=0x73fc1c*=0x0, psz="mscoree.dll", len=0xb | out: pbstr=0x73fc1c*="mscoree.dll") returned 1 [0264.814] CharLowerBuffW (in: lpsz="mscoree.dll", cchLength=0xb | out: lpsz="mscoree.dll") returned 0xb [0264.814] GetModuleHandleW (lpModuleName="mscoree.dll") returned 0x700a0000 [0264.814] GetProcAddress (hModule=0x700a0000, lpProcName=0x18) returned 0x700b4420 [0264.814] GetProcAddress (hModule=0x70000000, lpProcName=0x18) returned 0x7000e3f0 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.815] ResetEvent (hEvent=0x1f4) returned 1 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.815] ResetEvent (hEvent=0x1f4) returned 1 [0264.815] GetCurrentThreadId () returned 0xfe0 [0264.816] GetCurrentThreadId () returned 0xfe0 [0264.816] SetEvent (hEvent=0x1f8) returned 1 [0264.816] SetEvent (hEvent=0x1f4) returned 1 [0264.816] CloseHandle (hObject=0x0) returned 0 [0264.817] SysReAllocStringLen (in: pbstr=0x73fa44*=0x0, psz="api-ms-win-core-memory-l1-1-0.dll", len=0x21 | out: pbstr=0x73fa44*="api-ms-win-core-memory-l1-1-0.dll") returned 1 [0264.817] CharLowerBuffW (in: lpsz="api-ms-win-core-memory-l1-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-memory-l1-1-0.dll") returned 0x21 [0264.817] GetModuleHandleW (lpModuleName="api-ms-win-core-memory-l1-1-0.dll") returned 0x77580000 [0264.818] SysReAllocStringLen (in: pbstr=0x73fa44*=0x0, psz="api-ms-win-core-libraryloader-l1-1-0.dll", len=0x28 | out: pbstr=0x73fa44*="api-ms-win-core-libraryloader-l1-1-0.dll") returned 1 [0264.818] CharLowerBuffW (in: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll", cchLength=0x28 | out: lpsz="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x28 [0264.818] GetModuleHandleW (lpModuleName="api-ms-win-core-libraryloader-l1-1-0.dll") returned 0x77580000 [0264.818] SysReAllocStringLen (in: pbstr=0x73fa44*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73fa44*="ntdll.dll") returned 1 [0264.818] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0264.818] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77d40000 [0264.818] GetProcAddress (hModule=0x77580000, lpProcName="SetSystemFileCacheSize") returned 0x7772ff00 [0264.819] GetProcAddress (hModule=0x77d40000, lpProcName="NtSetSystemInformation") returned 0x77db2b50 [0264.819] GetProcAddress (hModule=0x77580000, lpProcName="PrivIsDllSynchronizationHeld") returned 0x0 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] ResetEvent (hEvent=0x1f4) returned 1 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] ResetEvent (hEvent=0x1f4) returned 1 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] GetCurrentThreadId () returned 0xfe0 [0264.821] SetEvent (hEvent=0x1f8) returned 1 [0264.821] SetEvent (hEvent=0x1f4) returned 1 [0264.821] CloseHandle (hObject=0x310) returned 1 [0264.826] SysReAllocStringLen (in: pbstr=0x73fbe0*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73fbe0*="kernel32") returned 1 [0264.826] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0264.826] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0264.829] GetProcAddress (hModule=0x75ce0000, lpProcName="AddDllDirectory") returned 0x7772d7c0 [0265.308] SysReAllocStringLen (in: pbstr=0x73f074*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73f074*="kernel32.dll") returned 1 [0265.308] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0265.309] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0265.311] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0265.314] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x394 [0265.314] GetLastError () returned 0x0 [0265.314] SysReAllocStringLen (in: pbstr=0x73f0ec*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x73f0ec*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux") returned 1 [0265.314] GetThreadLocale () returned 0x409 [0265.314] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0265.314] GetThreadLocale () returned 0x409 [0265.314] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0265.314] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73ee70, lpFilePart=0x73ee6c | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", lpFilePart=0x73ee6c*="mscorlib.ni.dll.aux") returned 0x6c [0265.315] SysReAllocStringLen (in: pbstr=0x73f0ec*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x73f0ec*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux") returned 1 [0265.315] SysReAllocStringLen (in: pbstr=0x73f09c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x73f09c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux") returned 1 [0265.315] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", cchLength=0x6c | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux") returned 0x6c [0265.315] SysReAllocStringLen (in: pbstr=0x73f0ec*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux", len=0x6c | out: pbstr=0x73f0ec*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll.aux") returned 1 [0265.315] SetLastError (dwErrCode=0x0) [0265.315] GetCurrentThreadId () returned 0xfe0 [0265.315] GetCurrentThreadId () returned 0xfe0 [0265.315] GetCurrentThreadId () returned 0xfe0 [0265.315] GetCurrentThreadId () returned 0xfe0 [0265.315] GetCurrentThreadId () returned 0xfe0 [0265.316] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] SetEvent (hEvent=0x1f8) returned 1 [0265.316] GetFileSize (in: hFile=0x394, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0xb0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] SetEvent (hEvent=0x1f8) returned 1 [0265.316] ReadFile (in: hFile=0x394, lpBuffer=0x73f200, nNumberOfBytesToRead=0xb0, lpNumberOfBytesRead=0x73f1a0, lpOverlapped=0x0 | out: lpBuffer=0x73f200*, lpNumberOfBytesRead=0x73f1a0*=0xb0, lpOverlapped=0x0) returned 1 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] ResetEvent (hEvent=0x1f4) returned 1 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.316] ResetEvent (hEvent=0x1f4) returned 1 [0265.316] GetCurrentThreadId () returned 0xfe0 [0265.317] GetCurrentThreadId () returned 0xfe0 [0265.317] SetEvent (hEvent=0x1f8) returned 1 [0265.317] SetEvent (hEvent=0x1f4) returned 1 [0265.317] CloseHandle (hObject=0x394) returned 1 [0265.321] SysReAllocStringLen (in: pbstr=0x73e6b4*=0x0, psz="mscorlib.ni.dll", len=0xf | out: pbstr=0x73e6b4*="mscorlib.ni.dll") returned 1 [0265.321] CharLowerBuffW (in: lpsz="mscorlib.ni.dll", cchLength=0xf | out: lpsz="mscorlib.ni.dll") returned 0xf [0265.321] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\45cef8929f7918524d50f1f75c04b1c3\\mscorlib.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6e370000 [0265.484] GetLastError () returned 0x0 [0265.484] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0265.484] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0265.484] SetLastError (dwErrCode=0x0) [0265.554] CreateFileW (lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x368 [0265.554] GetLastError () returned 0x0 [0265.554] SysReAllocStringLen (in: pbstr=0x73f168*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f168*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0265.554] GetThreadLocale () returned 0x409 [0265.555] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0265.555] GetThreadLocale () returned 0x409 [0265.555] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0265.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73eeec, lpFilePart=0x73eee8 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73eee8*="gesf.exe") returned 0x35 [0265.555] SysReAllocStringLen (in: pbstr=0x73f168*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x35 | out: pbstr=0x73f168*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0265.555] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x104, lpBuffer=0x73ec34, lpFilePart=0x73ec30 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x73ec30*="gesf.exe") returned 0x35 [0265.555] SysReAllocStringLen (in: pbstr=0x73ee74*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ee74*="C:") returned 1 [0265.555] SysReAllocStringLen (in: pbstr=0x73ee30*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73ee30*="C:\\") returned 1 [0265.555] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.555] SysReAllocStringLen (in: pbstr=0x73ee2c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73ee2c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0265.555] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", cchLength=0x2d | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\") returned 0x2d [0265.555] SetLastError (dwErrCode=0x0) [0265.555] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\rarsfx1\\", cchCount1=45, lpString2="c:\\", cchCount2=3) returned 3 [0265.555] GetLastError () returned 0x0 [0265.555] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73ee98 | out: lpFindFileData=0x73ee98*(dwFileAttributes=0x95b010, ftCreationTime.dwLowDateTime=0x900000, ftCreationTime.dwHighDateTime=0x77d8f6d5, ftLastAccessTime.dwLowDateTime=0x1e, ftLastAccessTime.dwHighDateTime=0x73eedc, ftLastWriteTime.dwLowDateTime=0x77d92f90, ftLastWriteTime.dwHighDateTime=0x1, nFileSizeHigh=0x95b010, nFileSizeLow=0x1e, dwReserved0=0x1e, dwReserved1=0x95af90, cFileName="", cAlternateFileName="希\x96j")) returned 0xffffffff [0265.556] GetLastError () returned 0x2 [0265.556] SysReAllocStringLen (in: pbstr=0x73ee6c*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2d | out: pbstr=0x73ee6c*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0265.556] SysReAllocStringLen (in: pbstr=0x73f0f0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", len=0x2c | out: pbstr=0x73f0f0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0265.556] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", nBufferLength=0x104, lpBuffer=0x73e97c, lpFilePart=0x73e978 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", lpFilePart=0x73e978*="RarSFX1") returned 0x2c [0265.556] SysReAllocStringLen (in: pbstr=0x73ebbc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73ebbc*="C:") returned 1 [0265.556] SysReAllocStringLen (in: pbstr=0x73eb78*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73eb78*="C:\\") returned 1 [0265.556] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.556] SysReAllocStringLen (in: pbstr=0x73eb74*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73eb74*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0265.556] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", cchLength=0x25 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\temp\\") returned 0x25 [0265.556] SetLastError (dwErrCode=0x0) [0265.556] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\temp\\", cchCount1=37, lpString2="c:\\", cchCount2=3) returned 3 [0265.556] GetLastError () returned 0x0 [0265.556] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73ebe0 | out: lpFindFileData=0x73ebe0*(dwFileAttributes=0x942598, ftCreationTime.dwLowDateTime=0x900000, ftCreationTime.dwHighDateTime=0x8000008, ftLastAccessTime.dwLowDateTime=0x8, ftLastAccessTime.dwHighDateTime=0x73ec24, ftLastWriteTime.dwLowDateTime=0x77d92f90, ftLastWriteTime.dwHighDateTime=0x1, nFileSizeHigh=0x942598, nFileSizeLow=0x8, dwReserved0=0x8, dwReserved1=0x942528, cFileName="", cAlternateFileName="囔\x93X")) returned 0xffffffff [0265.557] GetLastError () returned 0x2 [0265.557] SysReAllocStringLen (in: pbstr=0x73ebb4*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", len=0x25 | out: pbstr=0x73ebb4*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\") returned 1 [0265.557] SysReAllocStringLen (in: pbstr=0x73ee38*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", len=0x24 | out: pbstr=0x73ee38*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp") returned 1 [0265.557] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", nBufferLength=0x104, lpBuffer=0x73e6c4, lpFilePart=0x73e6c0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", lpFilePart=0x73e6c0*="Temp") returned 0x24 [0265.558] SysReAllocStringLen (in: pbstr=0x73e904*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e904*="C:") returned 1 [0265.558] SysReAllocStringLen (in: pbstr=0x73e8c0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e8c0*="C:\\") returned 1 [0265.558] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.558] SysReAllocStringLen (in: pbstr=0x73e8bc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73e8bc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0265.558] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", cchLength=0x20 | out: lpsz="c:\\users\\oqxzra~1\\appdata\\local\\") returned 0x20 [0265.558] SetLastError (dwErrCode=0x0) [0265.558] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\local\\", cchCount1=32, lpString2="c:\\", cchCount2=3) returned 3 [0265.558] GetLastError () returned 0x0 [0265.558] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73e928 | out: lpFindFileData=0x73e928*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9206e8, ftLastAccessTime.dwLowDateTime=0x10, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x14001f, ftLastWriteTime.dwHighDateTime=0x93b258, nFileSizeHigh=0x93b808, nFileSizeLow=0x9206d8, dwReserved0=0x900000, dwReserved1=0x73e974, cFileName="s蚆矘\n", cAlternateFileName="뚬\x93H")) returned 0xffffffff [0265.558] GetLastError () returned 0x2 [0265.558] SysReAllocStringLen (in: pbstr=0x73e8fc*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\Local\\", len=0x20 | out: pbstr=0x73e8fc*="C:\\Users\\OQXZRA~1\\AppData\\Local\\") returned 1 [0265.558] SysReAllocStringLen (in: pbstr=0x73eb80*="C:\\Users\\OQXZRA~1\\AppData\\Local\\", psz="C:\\Users\\OQXZRA~1\\AppData\\Local", len=0x1f | out: pbstr=0x73eb80*="C:\\Users\\OQXZRA~1\\AppData\\Local") returned 1 [0265.559] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local", nBufferLength=0x104, lpBuffer=0x73e40c, lpFilePart=0x73e408 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local", lpFilePart=0x73e408*="Local") returned 0x1f [0265.559] SysReAllocStringLen (in: pbstr=0x73e64c*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e64c*="C:") returned 1 [0265.559] SysReAllocStringLen (in: pbstr=0x73e608*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e608*="C:\\") returned 1 [0265.559] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.559] SysReAllocStringLen (in: pbstr=0x73e604*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e604*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0265.559] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\AppData\\", cchLength=0x1a | out: lpsz="c:\\users\\oqxzra~1\\appdata\\") returned 0x1a [0265.559] SetLastError (dwErrCode=0x0) [0265.559] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\appdata\\", cchCount1=26, lpString2="c:\\", cchCount2=3) returned 3 [0265.559] GetLastError () returned 0x0 [0265.559] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e670 | out: lpFindFileData=0x73e670*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x9206e8, ftLastAccessTime.dwLowDateTime=0xe, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x1c001c, ftLastWriteTime.dwHighDateTime=0x93b258, nFileSizeHigh=0x93b758, nFileSizeLow=0x9206d8, dwReserved0=0x900000, dwReserved1=0x73e6bc, cFileName="s蚆矘\n", cAlternateFileName="렌\x93>")) returned 0xffffffff [0265.559] GetLastError () returned 0x2 [0265.559] SysReAllocStringLen (in: pbstr=0x73e644*=0x0, psz="C:\\Users\\OQXZRA~1\\AppData\\", len=0x1a | out: pbstr=0x73e644*="C:\\Users\\OQXZRA~1\\AppData\\") returned 1 [0265.559] SysReAllocStringLen (in: pbstr=0x73e8c8*="C:\\Users\\OQXZRA~1\\AppData\\", psz="C:\\Users\\OQXZRA~1\\AppData", len=0x19 | out: pbstr=0x73e8c8*="C:\\Users\\OQXZRA~1\\AppData") returned 1 [0265.560] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData", nBufferLength=0x104, lpBuffer=0x73e154, lpFilePart=0x73e150 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData", lpFilePart=0x73e150*="AppData") returned 0x19 [0265.560] SysReAllocStringLen (in: pbstr=0x73e394*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e394*="C:") returned 1 [0265.560] SysReAllocStringLen (in: pbstr=0x73e350*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e350*="C:\\") returned 1 [0265.560] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.560] SysReAllocStringLen (in: pbstr=0x73e34c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e34c*="C:\\Users\\OQXZRA~1\\") returned 1 [0265.560] CharLowerBuffW (in: lpsz="C:\\Users\\OQXZRA~1\\", cchLength=0x12 | out: lpsz="c:\\users\\oqxzra~1\\") returned 0x12 [0265.560] SetLastError (dwErrCode=0x0) [0265.560] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\oqxzra~1\\", cchCount1=18, lpString2="c:\\", cchCount2=3) returned 3 [0265.560] GetLastError () returned 0x0 [0265.560] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1\\" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e3b8 | out: lpFindFileData=0x73e3b8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x20001, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x924918, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73e404, cFileName="s蚆矘\n", cAlternateFileName="䳄\x922")) returned 0xffffffff [0265.560] GetLastError () returned 0x2 [0265.560] SysReAllocStringLen (in: pbstr=0x73e38c*=0x0, psz="C:\\Users\\OQXZRA~1\\", len=0x12 | out: pbstr=0x73e38c*="C:\\Users\\OQXZRA~1\\") returned 1 [0265.560] SysReAllocStringLen (in: pbstr=0x73e610*="C:\\Users\\OQXZRA~1\\", psz="C:\\Users\\OQXZRA~1", len=0x11 | out: pbstr=0x73e610*="C:\\Users\\OQXZRA~1") returned 1 [0265.560] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1", nBufferLength=0x104, lpBuffer=0x73de9c, lpFilePart=0x73de98 | out: lpBuffer="C:\\Users\\OQXZRA~1", lpFilePart=0x73de98*="OQXZRA~1") returned 0x11 [0265.561] SysReAllocStringLen (in: pbstr=0x73e0dc*=0x0, psz="C:", len=0x2 | out: pbstr=0x73e0dc*="C:") returned 1 [0265.561] SysReAllocStringLen (in: pbstr=0x73e098*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73e098*="C:\\") returned 1 [0265.561] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.561] SysReAllocStringLen (in: pbstr=0x73e094*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e094*="C:\\Users\\") returned 1 [0265.561] CharLowerBuffW (in: lpsz="C:\\Users\\", cchLength=0x9 | out: lpsz="c:\\users\\") returned 0x9 [0265.561] SetLastError (dwErrCode=0x0) [0265.561] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\users\\", cchCount1=9, lpString2="c:\\", cchCount2=3) returned 3 [0265.561] GetLastError () returned 0x0 [0265.561] FindFirstFileW (in: lpFileName="C:\\Users\\" (normalized: "c:\\users"), lpFindFileData=0x73e100 | out: lpFindFileData=0x73e100*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x90b1f8, ftLastAccessTime.dwLowDateTime=0x4, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x2, ftLastWriteTime.dwHighDateTime=0x9248e8, nFileSizeHigh=0x924a38, nFileSizeLow=0x90b1e8, dwReserved0=0x900000, dwReserved1=0x73e14c, cFileName="s蚆矘\n", cAlternateFileName="䯬\x92\"")) returned 0xffffffff [0265.561] GetLastError () returned 0x2 [0265.561] SysReAllocStringLen (in: pbstr=0x73e0d4*=0x0, psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e0d4*="C:\\Users\\") returned 1 [0265.561] SysReAllocStringLen (in: pbstr=0x73e358*="C:\\Users\\", psz="C:\\Users", len=0x8 | out: pbstr=0x73e358*="C:\\Users") returned 1 [0265.561] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x104, lpBuffer=0x73dbe4, lpFilePart=0x73dbe0 | out: lpBuffer="C:\\Users", lpFilePart=0x73dbe0*="Users") returned 0x8 [0265.562] SysReAllocStringLen (in: pbstr=0x73de24*=0x0, psz="C:", len=0x2 | out: pbstr=0x73de24*="C:") returned 1 [0265.562] SysReAllocStringLen (in: pbstr=0x73dde0*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dde0*="C:\\") returned 1 [0265.562] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.562] SysReAllocStringLen (in: pbstr=0x73dddc*=0x0, psz="C:\\", len=0x3 | out: pbstr=0x73dddc*="C:\\") returned 1 [0265.562] CharLowerBuffW (in: lpsz="C:\\", cchLength=0x3 | out: lpsz="c:\\") returned 0x3 [0265.562] SetLastError (dwErrCode=0x0) [0265.562] CompareStringW (Locale=0x400, dwCmpFlags=0x0, lpString1="c:\\", cchCount1=3, lpString2="c:\\", cchCount2=3) returned 2 [0265.562] GetLastError () returned 0x0 [0265.562] FindFirstFileW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), lpFindFileData=0x73de48 | out: lpFindFileData=0x73de48*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3a6eea36, ftCreationTime.dwHighDateTime=0x1d5acdd, ftLastAccessTime.dwLowDateTime=0x29a50bc2, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3280fb2b, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73de94, cFileName="Users", cAlternateFileName="")) returned 0x9605c0 [0265.562] FileTimeToLocalFileTime (in: lpFileTime=0x73de5c, lpLocalFileTime=0x73ddcc | out: lpLocalFileTime=0x73ddcc) returned 1 [0265.562] FileTimeToDosDateTime (in: lpFileTime=0x73ddcc, lpFatDate=0x73de2a, lpFatTime=0x73de28 | out: lpFatDate=0x73de2a, lpFatTime=0x73de28) returned 1 [0265.562] FindClose (in: hFindFile=0x9605c0 | out: hFindFile=0x9605c0) returned 1 [0265.563] SysReAllocStringLen (in: pbstr=0x73e358*="C:\\Users", psz="C:\\Users", len=0x8 | out: pbstr=0x73e358*="C:\\Users") returned 1 [0265.563] SysReAllocStringLen (in: pbstr=0x73e0cc*=0x0, psz="C:\\Users", len=0x8 | out: pbstr=0x73e0cc*="C:\\Users") returned 1 [0265.563] SysReAllocStringLen (in: pbstr=0x73e358*="C:\\Users", psz="C:\\Users\\", len=0x9 | out: pbstr=0x73e358*="C:\\Users\\") returned 1 [0265.563] FindFirstFileW (in: lpFileName="C:\\Users\\OQXZRA~1" (normalized: "c:\\users\\oqxzraykm"), lpFindFileData=0x73e100 | out: lpFindFileData=0x73e100*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3280fb2b, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29c66c9e, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xbbb64156, ftLastWriteTime.dwHighDateTime=0x1d94212, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e14c, cFileName="OqXZRaykm", cAlternateFileName="OQXZRA~1")) returned 0x960b40 [0265.563] FileTimeToLocalFileTime (in: lpFileTime=0x73e114, lpLocalFileTime=0x73e084 | out: lpLocalFileTime=0x73e084) returned 1 [0265.563] FileTimeToDosDateTime (in: lpFileTime=0x73e084, lpFatDate=0x73e0e2, lpFatTime=0x73e0e0 | out: lpFatDate=0x73e0e2, lpFatTime=0x73e0e0) returned 1 [0265.563] FindClose (in: hFindFile=0x960b40 | out: hFindFile=0x960b40) returned 1 [0265.564] SysReAllocStringLen (in: pbstr=0x73e610*="C:\\Users\\OQXZRA~1", psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e610*="C:\\Users\\OqXZRaykm") returned 1 [0265.564] SysReAllocStringLen (in: pbstr=0x73e384*=0x0, psz="C:\\Users\\OqXZRaykm", len=0x12 | out: pbstr=0x73e384*="C:\\Users\\OqXZRaykm") returned 1 [0265.564] SysReAllocStringLen (in: pbstr=0x73e610*="C:\\Users\\OqXZRaykm", psz="C:\\Users\\OqXZRaykm\\", len=0x13 | out: pbstr=0x73e610*="C:\\Users\\OqXZRaykm\\") returned 1 [0265.564] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData" (normalized: "c:\\users\\oqxzraykm\\appdata"), lpFindFileData=0x73e3b8 | out: lpFindFileData=0x73e3b8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x328821b6, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x29de43c9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x3338908f, ftLastWriteTime.dwHighDateTime=0x1d94219, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e404, cFileName="AppData", cAlternateFileName="")) returned 0x960980 [0265.564] FileTimeToLocalFileTime (in: lpFileTime=0x73e3cc, lpLocalFileTime=0x73e33c | out: lpLocalFileTime=0x73e33c) returned 1 [0265.564] FileTimeToDosDateTime (in: lpFileTime=0x73e33c, lpFatDate=0x73e39a, lpFatTime=0x73e398 | out: lpFatDate=0x73e39a, lpFatTime=0x73e398) returned 1 [0265.564] FindClose (in: hFindFile=0x960980 | out: hFindFile=0x960980) returned 1 [0265.564] SysReAllocStringLen (in: pbstr=0x73e8c8*="C:\\Users\\OQXZRA~1\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73e8c8*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0265.564] SysReAllocStringLen (in: pbstr=0x73e63c*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData", len=0x1a | out: pbstr=0x73e63c*="C:\\Users\\OqXZRaykm\\AppData") returned 1 [0265.565] SysReAllocStringLen (in: pbstr=0x73e8c8*="C:\\Users\\OqXZRaykm\\AppData", psz="C:\\Users\\OqXZRaykm\\AppData\\", len=0x1b | out: pbstr=0x73e8c8*="C:\\Users\\OqXZRaykm\\AppData\\") returned 1 [0265.565] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local" (normalized: "c:\\users\\oqxzraykm\\appdata\\local"), lpFindFileData=0x73e670 | out: lpFindFileData=0x73e670*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x2deab81f, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7e8773d3, ftLastWriteTime.dwHighDateTime=0x1d94215, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e6bc, cFileName="Local", cAlternateFileName="")) returned 0x960a80 [0265.565] FileTimeToLocalFileTime (in: lpFileTime=0x73e684, lpLocalFileTime=0x73e5f4 | out: lpLocalFileTime=0x73e5f4) returned 1 [0265.565] FileTimeToDosDateTime (in: lpFileTime=0x73e5f4, lpFatDate=0x73e652, lpFatTime=0x73e650 | out: lpFatDate=0x73e652, lpFatTime=0x73e650) returned 1 [0265.565] FindClose (in: hFindFile=0x960a80 | out: hFindFile=0x960a80) returned 1 [0265.565] SysReAllocStringLen (in: pbstr=0x73eb80*="C:\\Users\\OQXZRA~1\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73eb80*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0265.565] SysReAllocStringLen (in: pbstr=0x73e8f4*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local", len=0x20 | out: pbstr=0x73e8f4*="C:\\Users\\OqXZRaykm\\AppData\\Local") returned 1 [0265.565] SysReAllocStringLen (in: pbstr=0x73eb80*="C:\\Users\\OqXZRaykm\\AppData\\Local", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\", len=0x21 | out: pbstr=0x73eb80*="C:\\Users\\OqXZRaykm\\AppData\\Local\\") returned 1 [0265.565] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp"), lpFindFileData=0x73e928 | out: lpFindFileData=0x73e928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x328a853a, ftCreationTime.dwHighDateTime=0x1d94219, ftLastAccessTime.dwLowDateTime=0x6d556de9, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d556de9, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x900000, dwReserved1=0x73e974, cFileName="Temp", cAlternateFileName="")) returned 0x9604c0 [0265.566] FileTimeToLocalFileTime (in: lpFileTime=0x73e93c, lpLocalFileTime=0x73e8ac | out: lpLocalFileTime=0x73e8ac) returned 1 [0265.566] FileTimeToDosDateTime (in: lpFileTime=0x73e8ac, lpFatDate=0x73e90a, lpFatTime=0x73e908 | out: lpFatDate=0x73e90a, lpFatTime=0x73e908) returned 1 [0265.566] FindClose (in: hFindFile=0x9604c0 | out: hFindFile=0x9604c0) returned 1 [0265.566] SysReAllocStringLen (in: pbstr=0x73ee38*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73ee38*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0265.566] SysReAllocStringLen (in: pbstr=0x73ebac*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", len=0x25 | out: pbstr=0x73ebac*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp") returned 1 [0265.566] SysReAllocStringLen (in: pbstr=0x73ee38*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\", len=0x26 | out: pbstr=0x73ee38*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\") returned 1 [0265.566] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1"), lpFindFileData=0x73ebe0 | out: lpFindFileData=0x73ebe0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6d556de9, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d7469be, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x6d7469be, ftLastWriteTime.dwHighDateTime=0x1da8806, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8, dwReserved1=0x942528, cFileName="RarSFX1", cAlternateFileName="")) returned 0x960c00 [0265.566] FileTimeToLocalFileTime (in: lpFileTime=0x73ebf4, lpLocalFileTime=0x73eb64 | out: lpLocalFileTime=0x73eb64) returned 1 [0265.566] FileTimeToDosDateTime (in: lpFileTime=0x73eb64, lpFatDate=0x73ebc2, lpFatTime=0x73ebc0 | out: lpFatDate=0x73ebc2, lpFatTime=0x73ebc0) returned 1 [0265.567] FindClose (in: hFindFile=0x960c00 | out: hFindFile=0x960c00) returned 1 [0265.567] SysReAllocStringLen (in: pbstr=0x73f0f0*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73f0f0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0265.567] SysReAllocStringLen (in: pbstr=0x73ee64*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", len=0x2d | out: pbstr=0x73ee64*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1") returned 1 [0265.567] SysReAllocStringLen (in: pbstr=0x73f0f0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\", len=0x2e | out: pbstr=0x73f0f0*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\") returned 1 [0265.567] FindFirstFileW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), lpFindFileData=0x73ee98 | out: lpFindFileData=0x73ee98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x6d805560, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00, dwReserved0=0x1e, dwReserved1=0x95af90, cFileName="gesf.exe", cAlternateFileName="")) returned 0x960500 [0265.567] FileTimeToLocalFileTime (in: lpFileTime=0x73eeac, lpLocalFileTime=0x73ee1c | out: lpLocalFileTime=0x73ee1c) returned 1 [0265.567] FileTimeToDosDateTime (in: lpFileTime=0x73ee1c, lpFatDate=0x73ee7a, lpFatTime=0x73ee78 | out: lpFatDate=0x73ee7a, lpFatTime=0x73ee78) returned 1 [0265.567] FindClose (in: hFindFile=0x960500 | out: hFindFile=0x960500) returned 1 [0265.568] SysReAllocStringLen (in: pbstr=0x73f168*="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f168*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0265.568] SysReAllocStringLen (in: pbstr=0x73f118*=0x0, psz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", len=0x36 | out: pbstr=0x73f118*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 1 [0265.568] CharLowerBuffW (in: lpsz="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", cchLength=0x36 | out: lpsz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 0x36 [0265.568] SysReAllocStringLen (in: pbstr=0x73f168*="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", psz="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe", len=0x36 | out: pbstr=0x73f168*="c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe") returned 1 [0265.568] GetCurrentThreadId () returned 0xfe0 [0265.568] ResetEvent (hEvent=0x1f4) returned 1 [0265.568] GetCurrentThreadId () returned 0xfe0 [0265.568] GetCurrentThreadId () returned 0xfe0 [0265.568] GetCurrentThreadId () returned 0xfe0 [0265.568] GetCurrentThreadId () returned 0xfe0 [0265.568] ResetEvent (hEvent=0x1f4) returned 1 [0265.645] GetCurrentThreadId () returned 0xfe0 [0265.645] GetCurrentThreadId () returned 0xfe0 [0265.645] SetEvent (hEvent=0x1f8) returned 1 [0265.645] SetEvent (hEvent=0x1f4) returned 1 [0265.645] SetLastError (dwErrCode=0x0) [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] ResetEvent (hEvent=0x1f4) returned 1 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] ResetEvent (hEvent=0x1f4) returned 1 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] GetCurrentThreadId () returned 0xfe0 [0265.646] SetEvent (hEvent=0x1f8) returned 1 [0265.646] SetEvent (hEvent=0x1f4) returned 1 [0265.646] CloseHandle (hObject=0x368) returned 1 [0265.681] SysReAllocStringLen (in: pbstr=0x73f31c*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x73f31c*="ole32.dll") returned 1 [0265.681] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0265.681] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\ole32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0265.681] GetLastError () returned 0x7e [0265.681] SetLastError (dwErrCode=0x7e) [0265.682] SysReAllocStringLen (in: pbstr=0x73f31c*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x73f31c*="ole32.dll") returned 1 [0265.682] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0265.682] LoadLibraryExW (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x800) returned 0x77290000 [0265.827] GetLastError () returned 0x0 [0265.827] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0265.828] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0265.829] GetModuleFileNameA (in: hModule=0x77290000, lpFilename=0x73f200, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0265.829] GetCurrentProcess () returned 0xffffffff [0265.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f304*=0x7734d61c, NumberOfBytesToProtect=0x73f308, NewAccessProtection=0x4, OldAccessProtection=0x73f33c | out: BaseAddress=0x73f304*=0x7734d000, NumberOfBytesToProtect=0x73f308, OldAccessProtection=0x73f33c*=0x2) returned 0x0 [0265.829] GetCurrentProcess () returned 0xffffffff [0265.829] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f304*=0x7734d61c, NumberOfBytesToProtect=0x73f308, NewAccessProtection=0x2, OldAccessProtection=0x73f33c | out: BaseAddress=0x73f304*=0x7734d000, NumberOfBytesToProtect=0x73f308, OldAccessProtection=0x73f33c*=0x4) returned 0x0 [0265.830] GetCurrentProcess () returned 0xffffffff [0265.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f304*=0x7734d63c, NumberOfBytesToProtect=0x73f308, NewAccessProtection=0x4, OldAccessProtection=0x73f33c | out: BaseAddress=0x73f304*=0x7734d000, NumberOfBytesToProtect=0x73f308, OldAccessProtection=0x73f33c*=0x2) returned 0x0 [0265.830] GetCurrentProcess () returned 0xffffffff [0265.830] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f304*=0x7734d63c, NumberOfBytesToProtect=0x73f308, NewAccessProtection=0x2, OldAccessProtection=0x73f33c | out: BaseAddress=0x73f304*=0x7734d000, NumberOfBytesToProtect=0x73f308, OldAccessProtection=0x73f33c*=0x4) returned 0x0 [0265.831] SetLastError (dwErrCode=0x0) [0265.831] GetProcAddress (hModule=0x77290000, lpProcName="CoInitializeEx") returned 0x778901c0 [0265.832] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0265.845] SysReAllocStringLen (in: pbstr=0x73f320*=0x0, psz="api-ms-win-core-winrt-l1-1-0.dll", len=0x20 | out: pbstr=0x73f320*="api-ms-win-core-winrt-l1-1-0.dll") returned 1 [0265.845] CharLowerBuffW (in: lpsz="api-ms-win-core-winrt-l1-1-0.dll", cchLength=0x20 | out: lpsz="api-ms-win-core-winrt-l1-1-0.dll") returned 0x20 [0265.845] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\api-ms-win-core-winrt-l1-1-0.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0265.845] GetLastError () returned 0x7e [0265.845] SetLastError (dwErrCode=0x7e) [0265.846] SysReAllocStringLen (in: pbstr=0x73f320*=0x0, psz="api-ms-win-core-winrt-l1-1-0.dll", len=0x20 | out: pbstr=0x73f320*="api-ms-win-core-winrt-l1-1-0.dll") returned 1 [0265.846] CharLowerBuffW (in: lpsz="api-ms-win-core-winrt-l1-1-0.dll", cchLength=0x20 | out: lpsz="api-ms-win-core-winrt-l1-1-0.dll") returned 0x20 [0265.846] LoadLibraryExW (lpLibFileName="api-ms-win-core-winrt-l1-1-0.dll", hFile=0x0, dwFlags=0x800) returned 0x777e0000 [0265.846] GetLastError () returned 0x0 [0265.846] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0265.847] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0265.847] GetModuleFileNameA (in: hModule=0x777e0000, lpFilename=0x73f204, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0265.847] GetCurrentProcess () returned 0xffffffff [0265.847] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f308*=0x77a223c8, NumberOfBytesToProtect=0x73f30c, NewAccessProtection=0x4, OldAccessProtection=0x73f340 | out: BaseAddress=0x73f308*=0x77a22000, NumberOfBytesToProtect=0x73f30c, OldAccessProtection=0x73f340*=0x2) returned 0x0 [0265.847] GetCurrentProcess () returned 0xffffffff [0265.848] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f308*=0x77a223c8, NumberOfBytesToProtect=0x73f30c, NewAccessProtection=0x2, OldAccessProtection=0x73f340 | out: BaseAddress=0x73f308*=0x77a22000, NumberOfBytesToProtect=0x73f30c, OldAccessProtection=0x73f340*=0x4) returned 0x0 [0265.848] GetCurrentProcess () returned 0xffffffff [0265.848] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f308*=0x77a223d4, NumberOfBytesToProtect=0x73f30c, NewAccessProtection=0x4, OldAccessProtection=0x73f340 | out: BaseAddress=0x73f308*=0x77a22000, NumberOfBytesToProtect=0x73f30c, OldAccessProtection=0x73f340*=0x2) returned 0x0 [0265.848] GetCurrentProcess () returned 0xffffffff [0265.848] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73f308*=0x77a223d4, NumberOfBytesToProtect=0x73f30c, NewAccessProtection=0x2, OldAccessProtection=0x73f340 | out: BaseAddress=0x73f308*=0x77a22000, NumberOfBytesToProtect=0x73f30c, OldAccessProtection=0x73f340*=0x4) returned 0x0 [0265.849] SetLastError (dwErrCode=0x0) [0265.849] GetProcAddress (hModule=0x777e0000, lpProcName=0x6ff914f4) returned 0x778fca50 [0265.850] RoInitialize () returned 0x1 [0265.851] GetProcAddress (hModule=0x777e0000, lpProcName="RoUninitialize") returned 0x779137b0 [0265.851] RoUninitialize () returned 0x0 [0265.971] SysReAllocStringLen (in: pbstr=0x73ee2c*=0x0, psz="api-ms-win-core-xstate-l2-1-0.dll", len=0x21 | out: pbstr=0x73ee2c*="api-ms-win-core-xstate-l2-1-0.dll") returned 1 [0265.971] CharLowerBuffW (in: lpsz="api-ms-win-core-xstate-l2-1-0.dll", cchLength=0x21 | out: lpsz="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0265.972] LoadLibraryExW (lpLibFileName="api-ms-win-core-xstate-l2-1-0.dll", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0265.972] GetLastError () returned 0x0 [0265.972] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0265.972] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0265.972] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73ed10, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0265.973] SetLastError (dwErrCode=0x0) [0265.973] GetProcAddress (hModule=0x77580000, lpProcName="GetEnabledXStateFeatures") returned 0x776a9b70 [0265.974] SysReAllocStringLen (in: pbstr=0x73ec28*=0x0, psz="clrjit.dll", len=0xa | out: pbstr=0x73ec28*="clrjit.dll") returned 1 [0265.974] CharLowerBuffW (in: lpsz="clrjit.dll", cchLength=0xa | out: lpsz="clrjit.dll") returned 0xa [0265.974] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", hFile=0x0, dwFlags=0x8) returned 0x6e2e0000 [0266.127] GetLastError () returned 0x0 [0266.200] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.201] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0266.201] GetModuleFileNameA (in: hModule=0x6e2e0000, lpFilename=0x73eb0c, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0266.293] GetCurrentProcess () returned 0xffffffff [0266.293] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a018, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x4, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x2) returned 0x0 [0266.293] GetCurrentProcess () returned 0xffffffff [0266.293] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a018, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x2, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x4) returned 0x0 [0266.294] GetCurrentProcess () returned 0xffffffff [0266.294] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a030, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x4, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x2) returned 0x0 [0266.294] GetCurrentProcess () returned 0xffffffff [0266.294] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a030, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x2, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x4) returned 0x0 [0266.295] GetCurrentProcess () returned 0xffffffff [0266.295] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a034, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x4, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x2) returned 0x0 [0266.295] GetCurrentProcess () returned 0xffffffff [0266.295] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a034, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x2, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x4) returned 0x0 [0266.296] GetCurrentProcess () returned 0xffffffff [0266.296] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a058, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x4, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x2) returned 0x0 [0266.296] GetCurrentProcess () returned 0xffffffff [0266.296] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73ec10*=0x6e35a058, NumberOfBytesToProtect=0x73ec14, NewAccessProtection=0x2, OldAccessProtection=0x73ec48 | out: BaseAddress=0x73ec10*=0x6e35a000, NumberOfBytesToProtect=0x73ec14, OldAccessProtection=0x73ec48*=0x4) returned 0x0 [0266.296] SetLastError (dwErrCode=0x0) [0266.297] GetProcAddress (hModule=0x6e2e0000, lpProcName="sxsJitStartup") returned 0x6e3382e0 [0266.297] GetProcAddress (hModule=0x6e2e0000, lpProcName="jitStartup") returned 0x0 [0266.298] GetProcAddress (hModule=0x6e2e0000, lpProcName="getJit") returned 0x6e3377f0 [0266.431] GetProcAddress (hModule=0x700a0000, lpProcName="GetProcessExecutableHeap") returned 0x700b1fa0 [0266.432] GetProcAddress (hModule=0x70000000, lpProcName="GetProcessExecutableHeap_RetAddr") returned 0x0 [0266.432] GetProcAddress (hModule=0x70000000, lpProcName="GetProcessExecutableHeap") returned 0x70001e60 [0266.503] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0266.503] GetLastError () returned 0x0 [0266.530] SysReAllocStringLen (in: pbstr=0x73b468*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73b468*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0266.530] GetThreadLocale () returned 0x409 [0266.530] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0266.530] GetThreadLocale () returned 0x409 [0266.530] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0266.530] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x73b1ec, lpFilePart=0x73b1e8 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x73b1e8*="machine.config") returned 0x43 [0266.531] SysReAllocStringLen (in: pbstr=0x73b468*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73b468*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0266.531] SysReAllocStringLen (in: pbstr=0x73b418*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73b418*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0266.531] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0266.531] SysReAllocStringLen (in: pbstr=0x73b468*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73b468*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0266.531] SetLastError (dwErrCode=0x0) [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] GetCurrentThreadId () returned 0xfe0 [0266.532] SetEvent (hEvent=0x1f8) returned 1 [0266.532] ReadFile (in: hFile=0x3bc, lpBuffer=0x970dd0, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x73b3cc, lpOverlapped=0x0 | out: lpBuffer=0x970dd0*, lpNumberOfBytesRead=0x73b3cc*=0xfff, lpOverlapped=0x0) returned 1 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] GetCurrentThreadId () returned 0xfe0 [0266.536] SetEvent (hEvent=0x1f8) returned 1 [0266.537] ReadFile (in: hFile=0x3bc, lpBuffer=0x976318, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x73b3b4, lpOverlapped=0x0 | out: lpBuffer=0x976318*, lpNumberOfBytesRead=0x73b3b4*=0x17f7, lpOverlapped=0x0) returned 1 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] GetCurrentThreadId () returned 0xfe0 [0266.539] SetEvent (hEvent=0x1f8) returned 1 [0266.539] ReadFile (in: hFile=0x3bc, lpBuffer=0x976318, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x73b3c4, lpOverlapped=0x0 | out: lpBuffer=0x976318*, lpNumberOfBytesRead=0x73b3c4*=0x1001, lpOverlapped=0x0) returned 1 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] GetCurrentThreadId () returned 0xfe0 [0266.541] SetEvent (hEvent=0x1f8) returned 1 [0266.541] ReadFile (in: hFile=0x3bc, lpBuffer=0x976318, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x73b3c4, lpOverlapped=0x0 | out: lpBuffer=0x976318*, lpNumberOfBytesRead=0x73b3c4*=0x1002, lpOverlapped=0x0) returned 1 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] GetCurrentThreadId () returned 0xfe0 [0266.543] SetEvent (hEvent=0x1f8) returned 1 [0266.544] ReadFile (in: hFile=0x3bc, lpBuffer=0x96edc8, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x73b3b8, lpOverlapped=0x0 | out: lpBuffer=0x96edc8*, lpNumberOfBytesRead=0x73b3b8*=0x1f28, lpOverlapped=0x0) returned 1 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] ResetEvent (hEvent=0x1f4) returned 1 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] ResetEvent (hEvent=0x1f4) returned 1 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] GetCurrentThreadId () returned 0xfe0 [0266.547] SetEvent (hEvent=0x1f8) returned 1 [0266.547] SetEvent (hEvent=0x1f4) returned 1 [0266.547] CloseHandle (hObject=0x3bc) returned 1 [0266.552] SysReAllocStringLen (in: pbstr=0x73b3ac*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73b3ac*="kernel32.dll") returned 1 [0266.552] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.553] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.555] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.559] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c0 [0266.559] GetLastError () returned 0x0 [0266.559] SysReAllocStringLen (in: pbstr=0x73aef4*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x73aef4*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux") returned 1 [0266.560] GetThreadLocale () returned 0x409 [0266.560] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0266.560] GetThreadLocale () returned 0x409 [0266.560] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0266.560] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73ac78, lpFilePart=0x73ac74 | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", lpFilePart=0x73ac74*="System.Core.ni.dll.aux") returned 0x72 [0266.560] SysReAllocStringLen (in: pbstr=0x73aef4*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x73aef4*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux") returned 1 [0266.560] SysReAllocStringLen (in: pbstr=0x73aea4*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", len=0x72 | out: pbstr=0x73aea4*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux") returned 1 [0266.560] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", cchLength=0x72 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll.aux") returned 0x72 [0266.560] SysReAllocStringLen (in: pbstr=0x73aef4*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll.aux", len=0x72 | out: pbstr=0x73aef4*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\77d580262e90f1a2bf25b9b1b608c6e6\\system.core.ni.dll.aux") returned 1 [0266.560] SetLastError (dwErrCode=0x0) [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] GetCurrentThreadId () returned 0xfe0 [0266.560] SetEvent (hEvent=0x1f8) returned 1 [0266.560] GetFileSize (in: hFile=0x3c0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x384 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] SetEvent (hEvent=0x1f8) returned 1 [0266.561] ReadFile (in: hFile=0x3c0, lpBuffer=0x970c90, nNumberOfBytesToRead=0x384, lpNumberOfBytesRead=0x73afa8, lpOverlapped=0x0 | out: lpBuffer=0x970c90*, lpNumberOfBytesRead=0x73afa8*=0x384, lpOverlapped=0x0) returned 1 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] ResetEvent (hEvent=0x1f4) returned 1 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] ResetEvent (hEvent=0x1f4) returned 1 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] GetCurrentThreadId () returned 0xfe0 [0266.561] SetEvent (hEvent=0x1f8) returned 1 [0266.561] SetEvent (hEvent=0x1f4) returned 1 [0266.561] CloseHandle (hObject=0x3c0) returned 1 [0266.590] SysReAllocStringLen (in: pbstr=0x739dd4*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739dd4*="kernel32.dll") returned 1 [0266.590] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.591] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.593] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] ResetEvent (hEvent=0x1f4) returned 1 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] ResetEvent (hEvent=0x1f4) returned 1 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] GetCurrentThreadId () returned 0xfe0 [0266.594] SetEvent (hEvent=0x1f8) returned 1 [0266.594] SetEvent (hEvent=0x1f4) returned 1 [0266.594] CloseHandle (hObject=0x3c0) returned 1 [0266.597] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4 [0266.597] GetLastError () returned 0x0 [0266.597] SysReAllocStringLen (in: pbstr=0x73a5ac*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", len=0x68 | out: pbstr=0x73a5ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux") returned 1 [0266.597] GetThreadLocale () returned 0x409 [0266.597] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0266.597] GetThreadLocale () returned 0x409 [0266.597] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0266.597] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73a330, lpFilePart=0x73a32c | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", lpFilePart=0x73a32c*="System.ni.dll.aux") returned 0x68 [0266.597] SysReAllocStringLen (in: pbstr=0x73a5ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", len=0x68 | out: pbstr=0x73a5ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux") returned 1 [0266.597] SysReAllocStringLen (in: pbstr=0x73a55c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", len=0x68 | out: pbstr=0x73a55c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux") returned 1 [0266.597] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", cchLength=0x68 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll.aux") returned 0x68 [0266.597] SysReAllocStringLen (in: pbstr=0x73a5ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll.aux", len=0x68 | out: pbstr=0x73a5ac*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\dad683d51ebee37f8c55ac9c2f867e12\\system.ni.dll.aux") returned 1 [0266.598] SetLastError (dwErrCode=0x0) [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] SetEvent (hEvent=0x1f8) returned 1 [0266.598] GetFileSize (in: hFile=0x3c4, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x26c [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] SetEvent (hEvent=0x1f8) returned 1 [0266.598] ReadFile (in: hFile=0x3c4, lpBuffer=0x974ce8, nNumberOfBytesToRead=0x26c, lpNumberOfBytesRead=0x73a660, lpOverlapped=0x0 | out: lpBuffer=0x974ce8*, lpNumberOfBytesRead=0x73a660*=0x26c, lpOverlapped=0x0) returned 1 [0266.598] GetCurrentThreadId () returned 0xfe0 [0266.598] ResetEvent (hEvent=0x1f4) returned 1 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] ResetEvent (hEvent=0x1f4) returned 1 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] GetCurrentThreadId () returned 0xfe0 [0266.599] SetEvent (hEvent=0x1f8) returned 1 [0266.599] SetEvent (hEvent=0x1f4) returned 1 [0266.599] CloseHandle (hObject=0x3c4) returned 1 [0266.613] SysReAllocStringLen (in: pbstr=0x739474*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739474*="kernel32.dll") returned 1 [0266.613] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.613] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.616] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] ResetEvent (hEvent=0x1f4) returned 1 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] ResetEvent (hEvent=0x1f4) returned 1 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] GetCurrentThreadId () returned 0xfe0 [0266.617] SetEvent (hEvent=0x1f8) returned 1 [0266.617] SetEvent (hEvent=0x1f4) returned 1 [0266.617] CloseHandle (hObject=0x3c4) returned 1 [0266.631] SysReAllocStringLen (in: pbstr=0x739474*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739474*="kernel32.dll") returned 1 [0266.631] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.632] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.634] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] ResetEvent (hEvent=0x1f4) returned 1 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] ResetEvent (hEvent=0x1f4) returned 1 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] GetCurrentThreadId () returned 0xfe0 [0266.637] SetEvent (hEvent=0x1f8) returned 1 [0266.637] SetEvent (hEvent=0x1f4) returned 1 [0266.637] CloseHandle (hObject=0x3c4) returned 1 [0266.639] SysReAllocStringLen (in: pbstr=0x739b74*=0x0, psz="System.ni.dll", len=0xd | out: pbstr=0x739b74*="System.ni.dll") returned 1 [0266.639] CharLowerBuffW (in: lpsz="System.ni.dll", cchLength=0xd | out: lpsz="system.ni.dll") returned 0xd [0266.639] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\dad683d51ebee37f8c55ac9c2f867e12\\System.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6d880000 [0266.689] GetLastError () returned 0x0 [0266.689] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.689] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0266.689] SetLastError (dwErrCode=0x0) [0266.709] SysReAllocStringLen (in: pbstr=0x739dbc*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739dbc*="kernel32.dll") returned 1 [0266.709] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.709] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.712] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] ResetEvent (hEvent=0x1f4) returned 1 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] ResetEvent (hEvent=0x1f4) returned 1 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.713] GetCurrentThreadId () returned 0xfe0 [0266.724] SetEvent (hEvent=0x1f8) returned 1 [0266.724] SetEvent (hEvent=0x1f4) returned 1 [0266.724] CloseHandle (hObject=0x3c0) returned 1 [0266.740] SysReAllocStringLen (in: pbstr=0x739dbc*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739dbc*="kernel32.dll") returned 1 [0266.740] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0266.740] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.743] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0266.744] ResetEvent (hEvent=0x1f4) returned 1 [0266.744] GetCurrentThreadId () returned 0xfe0 [0266.745] GetCurrentThreadId () returned 0xfe0 [0266.745] GetCurrentThreadId () returned 0xfe0 [0266.745] GetCurrentThreadId () returned 0xfe0 [0266.745] ResetEvent (hEvent=0x1f4) returned 1 [0266.745] GetCurrentThreadId () returned 0xfe0 [0266.745] GetCurrentThreadId () returned 0xfe0 [0266.746] SetEvent (hEvent=0x1f8) returned 1 [0266.746] SetEvent (hEvent=0x1f4) returned 1 [0266.746] CloseHandle (hObject=0x3c0) returned 1 [0266.750] SysReAllocStringLen (in: pbstr=0x73a4bc*=0x0, psz="System.Core.ni.dll", len=0x12 | out: pbstr=0x73a4bc*="System.Core.ni.dll") returned 1 [0266.750] CharLowerBuffW (in: lpsz="System.Core.ni.dll", cchLength=0x12 | out: lpsz="system.core.ni.dll") returned 0x12 [0266.750] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\77d580262e90f1a2bf25b9b1b608c6e6\\System.Core.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6d060000 [0266.781] GetLastError () returned 0x0 [0266.781] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0266.782] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0266.782] SetLastError (dwErrCode=0x0) [0267.391] SysReAllocStringLen (in: pbstr=0x73df08*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x73df08*="advapi32.dll") returned 1 [0267.391] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0267.391] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ff0000 [0267.392] GetLastError () returned 0x0 [0267.392] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0267.392] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0267.392] GetModuleFileNameA (in: hModule=0x75ff0000, lpFilename=0x73ddec, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0267.392] GetCurrentProcess () returned 0xffffffff [0267.392] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c28c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.393] GetCurrentProcess () returned 0xffffffff [0267.393] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c28c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.393] GetCurrentProcess () returned 0xffffffff [0267.393] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c294, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.394] GetCurrentProcess () returned 0xffffffff [0267.394] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c294, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.394] GetCurrentProcess () returned 0xffffffff [0267.394] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c01c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.394] GetCurrentProcess () returned 0xffffffff [0267.394] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c01c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.395] GetCurrentProcess () returned 0xffffffff [0267.395] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c020, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.395] GetCurrentProcess () returned 0xffffffff [0267.395] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c020, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.395] GetCurrentProcess () returned 0xffffffff [0267.395] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c02c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.396] GetCurrentProcess () returned 0xffffffff [0267.396] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c02c, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.396] GetCurrentProcess () returned 0xffffffff [0267.396] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c048, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.397] GetCurrentProcess () returned 0xffffffff [0267.397] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c048, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.397] GetCurrentProcess () returned 0xffffffff [0267.397] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c074, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.397] GetCurrentProcess () returned 0xffffffff [0267.397] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c074, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.398] GetCurrentProcess () returned 0xffffffff [0267.398] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0dc, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.398] GetCurrentProcess () returned 0xffffffff [0267.398] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0dc, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.398] GetCurrentProcess () returned 0xffffffff [0267.398] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0e0, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.399] GetCurrentProcess () returned 0xffffffff [0267.399] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0e0, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.399] GetCurrentProcess () returned 0xffffffff [0267.399] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0f8, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.400] GetCurrentProcess () returned 0xffffffff [0267.400] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c0f8, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.400] GetCurrentProcess () returned 0xffffffff [0267.400] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c124, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x4, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x2) returned 0x0 [0267.400] GetCurrentProcess () returned 0xffffffff [0267.400] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73def0*=0x7605c124, NumberOfBytesToProtect=0x73def4, NewAccessProtection=0x2, OldAccessProtection=0x73df28 | out: BaseAddress=0x73def0*=0x7605c000, NumberOfBytesToProtect=0x73def4, OldAccessProtection=0x73df28*=0x4) returned 0x0 [0267.401] SetLastError (dwErrCode=0x0) [0267.402] GetProcAddress (hModule=0x75ff0000, lpProcName="RegCloseKey") returned 0x7600e010 [0267.407] SysReAllocStringLen (in: pbstr=0x73e7ec*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73e7ec*="kernel32") returned 1 [0267.407] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.408] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.410] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLocaleInfoEx") returned 0x75d00bc0 [0267.411] SysReAllocStringLen (in: pbstr=0x73e7ec*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73e7ec*="kernel32") returned 1 [0267.411] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.411] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.413] GetProcAddress (hModule=0x75ce0000, lpProcName="LocaleNameToLCID") returned 0x75d01d60 [0267.416] SysReAllocStringLen (in: pbstr=0x73eb28*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73eb28*="kernel32") returned 1 [0267.416] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.416] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.515] GetProcAddress (hModule=0x75ce0000, lpProcName="GetUserDefaultLocaleName") returned 0x75d020c0 [0267.517] SysReAllocStringLen (in: pbstr=0x73ea44*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73ea44*="kernel32") returned 1 [0267.518] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.518] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.520] GetProcAddress (hModule=0x75ce0000, lpProcName="LCIDToLocaleName") returned 0x75d01e20 [0267.522] SysReAllocStringLen (in: pbstr=0x73eb04*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73eb04*="kernel32") returned 1 [0267.522] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.522] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.524] GetProcAddress (hModule=0x75ce0000, lpProcName="GetUserPreferredUILanguages") returned 0x75cf9340 [0267.525] SysReAllocStringLen (in: pbstr=0x73f22c*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73f22c*="kernel32") returned 1 [0267.525] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.525] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.526] GetProcAddress (hModule=0x75ce0000, lpProcName="LCMapStringEx") returned 0x75cf87a0 [0267.527] SysReAllocStringLen (in: pbstr=0x73f1f4*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73f1f4*="kernel32") returned 1 [0267.527] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.527] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.528] GetProcAddress (hModule=0x75ce0000, lpProcName="FindNLSStringEx") returned 0x75cf8f80 [0267.528] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyEx") returned 0x0 [0267.529] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyExW") returned 0x7600dea0 [0267.529] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3bc) returned 0x0 [0267.530] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryInfoKey") returned 0x0 [0267.531] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryInfoKeyW") returned 0x7600dff0 [0267.531] RegQueryInfoKeyW (in: hKey=0x3bc, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x73f3b8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x73f3b4, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x73f3b8*=0x2c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x73f3b4*=0x0, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.531] GetProcAddress (hModule=0x75ff0000, lpProcName="RegEnumKeyEx") returned 0x0 [0267.531] GetProcAddress (hModule=0x75ff0000, lpProcName="RegEnumKeyExW") returned 0x7600dfc0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x0, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="AddressBook", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Connection Manager", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DirectDrawEx", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x3, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="DXM_Runtime", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x4, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Fontcore", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x5, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE40", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x6, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE4Data", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.532] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x7, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IE5BAKEX", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x8, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="IEData", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x9, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Microsoft Edge Update", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xa, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MobileOptionPack", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xb, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MPlayer2", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xc, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="SchedulingAgent", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xd, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="WIC", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xe, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{050d4fc8-5d48-4b8f-8972-47c82c46020f}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0xf, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x10, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x11, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.533] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x12, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x13, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x14, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x15, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x16, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{26A24AE4-039D-4CA4-87B4-2F32180361F0}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x17, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x18, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{4A03706F-666A-4037-7777-5F2748764D10}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x19, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1a, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1b, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.534] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1c, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{AB1BDF73-7393-42CE-812D-9A90918814D5}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1d, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1e, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ACCDCF8C-7ADF-3949-BDCB-FAA3E4D02A80}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x1f, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{B175520C-86A2-35A7-8619-86DC379688B9}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x20, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x21, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x22, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x23, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{d4cecf3b-b68f-4995-8840-52ea0fab646e}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x24, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x25, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x26, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.535] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x27, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.536] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x28, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.536] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x29, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.536] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2a, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.536] RegEnumKeyExW (in: hKey=0x3bc, dwIndex=0x2b, lpName=0x2f3460c, lpcchName=0x73f3d4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", lpcchName=0x73f3d4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0267.536] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="AddressBook", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.537] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueEx") returned 0x0 [0267.537] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueExW") returned 0x7600ddd0 [0267.537] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.537] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.538] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.538] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Connection Manager", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.538] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.538] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.538] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.539] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="DirectDrawEx", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.539] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.539] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.539] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.540] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="DXM_Runtime", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.540] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.540] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.540] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.540] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Fontcore", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.541] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.541] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.541] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.541] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="IE40", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.541] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.542] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.542] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.543] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="IE4Data", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.543] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.543] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.543] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.544] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="IE5BAKEX", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.544] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.544] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.544] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.544] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="IEData", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.545] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.545] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.545] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.545] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="Microsoft Edge Update", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.545] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x2c) returned 0x0 [0267.546] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueEx") returned 0x0 [0267.546] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueExW") returned 0x7600ddd0 [0267.546] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f364e0, lpcbData=0x73f3ac*=0x2c | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Edge Update", lpcbData=0x73f3ac*=0x2c) returned 0x0 [0267.546] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.547] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f365a4, lpcbData=0x73f3ac*=0x16 | out: lpType=0x73f3b0*=0x1, lpData="1.3.171.37", lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.723] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.723] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="MobileOptionPack", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.724] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.724] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.724] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.725] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="MPlayer2", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.725] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.725] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.725] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.726] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="SchedulingAgent", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.726] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.726] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.726] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.726] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="WIC", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.727] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.727] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.727] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.727] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{050d4fc8-5d48-4b8f-8972-47c82c46020f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.728] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.728] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3c6d4, lpcbData=0x73f3ac*=0x7a | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501", lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.728] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.728] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3c838, lpcbData=0x73f3ac*=0x1a | out: lpType=0x73f3b0*=0x1, lpData="12.0.30501.0", lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.728] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.729] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.729] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.730] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.730] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.730] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.730] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.730] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.730] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.731] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.731] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.731] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.731] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.731] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.732] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.732] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.732] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.732] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.732] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.732] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.733] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.733] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.733] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.733] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.733] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.734] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.734] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.734] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.734] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.734] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{26A24AE4-039D-4CA4-87B4-2F32180361F0}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.735] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x24) returned 0x0 [0267.735] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3d86c, lpcbData=0x73f3ac*=0x24 | out: lpType=0x73f3b0*=0x1, lpData="Java 8 Update 361", lpcbData=0x73f3ac*=0x24) returned 0x0 [0267.735] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.735] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3d920, lpcbData=0x73f3ac*=0x16 | out: lpType=0x73f3b0*=0x1, lpData="8.0.3610.9", lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.735] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.735] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.735] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.736] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3dc44, lpcbData=0x73f3ac*=0x7a | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030", lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.736] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.736] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3dda8, lpcbData=0x73f3ac*=0x1a | out: lpType=0x73f3b0*=0x1, lpData="11.0.61030.0", lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.736] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.736] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{4A03706F-666A-4037-7777-5F2748764D10}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.737] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x24) returned 0x0 [0267.737] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3e138, lpcbData=0x73f3ac*=0x24 | out: lpType=0x73f3b0*=0x1, lpData="Java Auto Updater", lpcbData=0x73f3ac*=0x24) returned 0x0 [0267.737] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x14) returned 0x0 [0267.737] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3e1ec, lpcbData=0x73f3ac*=0x14 | out: lpType=0x73f3b0*=0x1, lpData="2.8.361.9", lpcbData=0x73f3ac*=0x14) returned 0x0 [0267.737] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.737] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{6ba9fb5e-8366-4cc4-bf65-25fe9819b2fc}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.738] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x86) returned 0x0 [0267.738] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3e530, lpcbData=0x73f3ac*=0x86 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31931", lpcbData=0x73f3ac*=0x86) returned 0x0 [0267.738] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.738] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3e6ac, lpcbData=0x73f3ac*=0x1c | out: lpType=0x73f3b0*=0x1, lpData="14.34.31931.0", lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.738] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.738] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.739] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x54) returned 0x0 [0267.739] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3ea40, lpcbData=0x73f3ac*=0x54 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2005 Redistributable", lpcbData=0x73f3ac*=0x54) returned 0x0 [0267.739] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x14) returned 0x0 [0267.739] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3eb54, lpcbData=0x73f3ac*=0x14 | out: lpType=0x73f3b0*=0x1, lpData="8.0.61001", lpcbData=0x73f3ac*=0x14) returned 0x0 [0267.739] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.740] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{9BE518E6-ECC6-35A9-88E4-87755C07200F}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.740] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7e) returned 0x0 [0267.740] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3ee9c, lpcbData=0x73f3ac*=0x7e | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161", lpcbData=0x73f3ac*=0x7e) returned 0x0 [0267.740] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1e) returned 0x0 [0267.740] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3f008, lpcbData=0x73f3ac*=0x1e | out: lpType=0x73f3b0*=0x1, lpData="9.0.30729.6161", lpcbData=0x73f3ac*=0x1e) returned 0x0 [0267.740] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.740] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{AB1BDF73-7393-42CE-812D-9A90918814D5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.741] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x78) returned 0x0 [0267.741] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3f39c, lpcbData=0x73f3ac*=0x78 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31931", lpcbData=0x73f3ac*=0x78) returned 0x0 [0267.741] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x18) returned 0x0 [0267.741] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3f4f8, lpcbData=0x73f3ac*=0x18 | out: lpType=0x73f3b0*=0x1, lpData="14.34.31931", lpcbData=0x73f3ac*=0x18) returned 0x0 [0267.741] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.741] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.742] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x32) returned 0x0 [0267.742] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3f8bc, lpcbData=0x73f3ac*=0x32 | out: lpType=0x73f3b0*=0x1, lpData="Adobe Acrobat Reader MUI", lpcbData=0x73f3ac*=0x32) returned 0x0 [0267.742] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.742] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3f990, lpcbData=0x73f3ac*=0x1a | out: lpType=0x73f3b0*=0x1, lpData="22.003.20282", lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.742] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.742] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{ACCDCF8C-7ADF-3949-BDCB-FAA3E4D02A80}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.743] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1e) returned 0x0 [0267.743] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3fccc, lpcbData=0x73f3ac*=0x1e | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Edge", lpcbData=0x73f3ac*=0x1e) returned 0x0 [0267.743] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.743] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f3fd78, lpcbData=0x73f3ac*=0x1c | out: lpType=0x73f3b0*=0x1, lpData="108.0.1462.46", lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.743] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.743] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{B175520C-86A2-35A7-8619-86DC379688B9}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.744] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7c) returned 0x0 [0267.744] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f400b0, lpcbData=0x73f3ac*=0x7c | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030", lpcbData=0x73f3ac*=0x7c) returned 0x0 [0267.744] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.744] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f40214, lpcbData=0x73f3ac*=0x16 | out: lpType=0x73f3b0*=0x1, lpData="11.0.61030", lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.744] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.745] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.745] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x76) returned 0x0 [0267.745] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f40590, lpcbData=0x73f3ac*=0x76 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030", lpcbData=0x73f3ac*=0x76) returned 0x0 [0267.746] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.746] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f406ec, lpcbData=0x73f3ac*=0x16 | out: lpType=0x73f3b0*=0x1, lpData="11.0.61030", lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.746] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.746] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{C2662EFF-06E6-4FD1-9D6D-FDCA91025757}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.746] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7e) returned 0x0 [0267.746] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f40a60, lpcbData=0x73f3ac*=0x7e | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31931", lpcbData=0x73f3ac*=0x7e) returned 0x0 [0267.746] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x18) returned 0x0 [0267.747] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f40bcc, lpcbData=0x73f3ac*=0x18 | out: lpType=0x73f3b0*=0x1, lpData="14.34.31931", lpcbData=0x73f3ac*=0x18) returned 0x0 [0267.747] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.747] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.747] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.747] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f40f4c, lpcbData=0x73f3ac*=0x7a | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030", lpcbData=0x73f3ac*=0x7a) returned 0x0 [0267.747] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.747] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f410b0, lpcbData=0x73f3ac*=0x1a | out: lpType=0x73f3b0*=0x1, lpData="11.0.61030.0", lpcbData=0x73f3ac*=0x1a) returned 0x0 [0267.748] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.748] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{d4cecf3b-b68f-4995-8840-52ea0fab646e}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.748] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x86) returned 0x0 [0267.748] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f41434, lpcbData=0x73f3ac*=0x86 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931", lpcbData=0x73f3ac*=0x86) returned 0x0 [0267.748] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.748] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f415b0, lpcbData=0x73f3ac*=0x1c | out: lpType=0x73f3b0*=0x1, lpData="14.34.31931.0", lpcbData=0x73f3ac*=0x1c) returned 0x0 [0267.749] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.749] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.749] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x78) returned 0x0 [0267.749] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f41944, lpcbData=0x73f3ac*=0x78 | out: lpType=0x73f3b0*=0x1, lpData="Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219", lpcbData=0x73f3ac*=0x78) returned 0x0 [0267.749] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x1, lpData=0x0, lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.749] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x2f41aa0, lpcbData=0x73f3ac*=0x16 | out: lpType=0x73f3b0*=0x1, lpData="10.0.40219", lpcbData=0x73f3ac*=0x16) returned 0x0 [0267.750] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.877] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.877] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.878] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.878] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.878] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.879] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.879] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.879] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.879] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.880] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.880] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.880] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.880] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.880] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.880] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.881] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.881] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.881] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.881] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.881] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.882] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.882] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.882] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.882] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.882] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f390 | out: phkResult=0x73f390*=0x3c0) returned 0x0 [0267.883] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayName", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.883] RegQueryValueExW (in: hKey=0x3c0, lpValueName="DisplayVersion", lpReserved=0x0, lpType=0x73f3b0, lpData=0x0, lpcbData=0x73f3ac*=0x0 | out: lpType=0x73f3b0*=0x0, lpData=0x0, lpcbData=0x73f3ac*=0x0) returned 0x2 [0267.883] RegCloseKey (hKey=0x3c0) returned 0x0 [0267.883] RegCloseKey (hKey=0x3bc) returned 0x0 [0267.893] SysReAllocStringLen (in: pbstr=0x73f190*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73f190*="kernel32") returned 1 [0267.893] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0267.893] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0267.896] GetProcAddress (hModule=0x75ce0000, lpProcName="CompareStringEx") returned 0x75cf9540 [0267.972] SysReAllocStringLen (in: pbstr=0x73bd44*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73bd44*="kernel32.dll") returned 1 [0267.972] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0267.973] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0267.975] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0267.982] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\b7ea621a99f428c18af898966b979326\\system.management.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c0 [0267.983] GetLastError () returned 0x0 [0267.984] SysReAllocStringLen (in: pbstr=0x73b88c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x73b88c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux") returned 1 [0267.984] GetThreadLocale () returned 0x409 [0267.984] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0267.984] GetThreadLocale () returned 0x409 [0267.984] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0267.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73b610, lpFilePart=0x73b60c | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", lpFilePart=0x73b60c*="System.Management.ni.dll.aux") returned 0x7e [0267.984] SysReAllocStringLen (in: pbstr=0x73b88c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x73b88c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux") returned 1 [0267.984] SysReAllocStringLen (in: pbstr=0x73b83c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", len=0x7e | out: pbstr=0x73b83c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux") returned 1 [0267.984] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", cchLength=0x7e | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\b7ea621a99f428c18af898966b979326\\system.management.ni.dll.aux") returned 0x7e [0267.984] SysReAllocStringLen (in: pbstr=0x73b88c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\b7ea621a99f428c18af898966b979326\\system.management.ni.dll.aux", len=0x7e | out: pbstr=0x73b88c*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\b7ea621a99f428c18af898966b979326\\system.management.ni.dll.aux") returned 1 [0267.986] SetLastError (dwErrCode=0x0) [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] SetEvent (hEvent=0x1f8) returned 1 [0267.986] GetFileSize (in: hFile=0x3c0, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2fc [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.986] GetCurrentThreadId () returned 0xfe0 [0267.987] SetEvent (hEvent=0x1f8) returned 1 [0267.987] ReadFile (in: hFile=0x3c0, lpBuffer=0x9887e8, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0x73b940, lpOverlapped=0x0 | out: lpBuffer=0x9887e8*, lpNumberOfBytesRead=0x73b940*=0x2fc, lpOverlapped=0x0) returned 1 [0268.121] GetCurrentThreadId () returned 0xfe0 [0268.121] ResetEvent (hEvent=0x1f4) returned 1 [0268.121] GetCurrentThreadId () returned 0xfe0 [0268.121] GetCurrentThreadId () returned 0xfe0 [0268.121] GetCurrentThreadId () returned 0xfe0 [0268.121] GetCurrentThreadId () returned 0xfe0 [0268.121] ResetEvent (hEvent=0x1f4) returned 1 [0268.123] GetCurrentThreadId () returned 0xfe0 [0268.123] GetCurrentThreadId () returned 0xfe0 [0268.123] SetEvent (hEvent=0x1f8) returned 1 [0268.123] SetEvent (hEvent=0x1f4) returned 1 [0268.123] CloseHandle (hObject=0x3c0) returned 1 [0268.334] SysReAllocStringLen (in: pbstr=0x73a754*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73a754*="kernel32.dll") returned 1 [0268.334] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0268.334] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0268.349] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] ResetEvent (hEvent=0x1f4) returned 1 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] ResetEvent (hEvent=0x1f4) returned 1 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] GetCurrentThreadId () returned 0xfe0 [0268.350] SetEvent (hEvent=0x1f8) returned 1 [0268.350] SetEvent (hEvent=0x1f4) returned 1 [0268.350] CloseHandle (hObject=0x3c0) returned 1 [0268.372] SysReAllocStringLen (in: pbstr=0x73a754*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73a754*="kernel32.dll") returned 1 [0268.372] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0268.372] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0268.375] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] ResetEvent (hEvent=0x1f4) returned 1 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] ResetEvent (hEvent=0x1f4) returned 1 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] GetCurrentThreadId () returned 0xfe0 [0268.377] SetEvent (hEvent=0x1f8) returned 1 [0268.377] SetEvent (hEvent=0x1f4) returned 1 [0268.377] CloseHandle (hObject=0x3c0) returned 1 [0268.379] SysReAllocStringLen (in: pbstr=0x73ae54*=0x0, psz="System.Management.ni.dll", len=0x18 | out: pbstr=0x73ae54*="System.Management.ni.dll") returned 1 [0268.379] CharLowerBuffW (in: lpsz="System.Management.ni.dll", cchLength=0x18 | out: lpsz="system.management.ni.dll") returned 0x18 [0268.380] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\b7ea621a99f428c18af898966b979326\\System.Management.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6cf30000 [0268.876] GetLastError () returned 0x0 [0268.876] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0268.876] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0268.876] SetLastError (dwErrCode=0x0) [0269.128] SysReAllocStringLen (in: pbstr=0x73e788*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73e788*="kernel32.dll") returned 1 [0269.128] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0269.128] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0269.128] GetLastError () returned 0x0 [0269.129] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0269.129] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0269.129] GetModuleFileNameA (in: hModule=0x75ce0000, lpFilename=0x73e66c, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNEL32.DLL" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0269.290] SetLastError (dwErrCode=0x0) [0269.297] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcessIdW") returned 0x0 [0269.407] GetProcAddress (hModule=0x75ff0000, lpProcName="LookupPrivilegeValue") returned 0x0 [0269.407] GetProcAddress (hModule=0x75ff0000, lpProcName="LookupPrivilegeValueW") returned 0x760097a0 [0269.407] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x73ecbc | out: lpLuid=0x73ecbc*(LowPart=0x14, HighPart=0)) returned 1 [0269.411] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0269.412] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessTokenW") returned 0x0 [0269.412] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x73ecb8 | out: TokenHandle=0x73ecb8*=0x3bc) returned 1 [0269.412] GetProcAddress (hModule=0x75ff0000, lpProcName="AdjustTokenPrivileges") returned 0x7600ef80 [0269.413] GetProcAddress (hModule=0x75ff0000, lpProcName="AdjustTokenPrivilegesW") returned 0x0 [0269.413] AdjustTokenPrivileges (in: TokenHandle=0x3bc, DisableAllPrivileges=0, NewState=0x2f43584*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0269.414] CloseHandle (hObject=0x3bc) returned 1 [0269.514] SysReAllocStringLen (in: pbstr=0x73e754*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73e754*="ntdll.dll") returned 1 [0269.514] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0269.514] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0269.515] GetLastError () returned 0x7e [0269.515] SetLastError (dwErrCode=0x7e) [0269.519] SysReAllocStringLen (in: pbstr=0x73e754*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73e754*="ntdll.dll") returned 1 [0269.519] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0269.519] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x800) returned 0x77d40000 [0269.519] GetLastError () returned 0x0 [0269.520] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0269.520] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0269.520] SetLastError (dwErrCode=0x0) [0269.520] GetProcAddress (hModule=0x77d40000, lpProcName="NtQuerySystemInformation") returned 0x77db1410 [0269.521] GetProcAddress (hModule=0x77d40000, lpProcName="NtQuerySystemInformationW") returned 0x0 [0269.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3f35570, Length=0x20000, ResultLength=0x73f39c | out: SystemInformation=0x3f35570, ResultLength=0x73f39c*=0x256c8) returned 0xc0000004 [0269.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3f55590, Length=0x27ec8, ResultLength=0x73f39c | out: SystemInformation=0x3f55590, ResultLength=0x73f39c*=0x1b028) returned 0x0 [0269.652] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateEvent") returned 0x0 [0269.655] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateEventW") returned 0x75d02ec0 [0269.657] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3bc [0269.659] SysReAllocStringLen (in: pbstr=0x73dff0*=0x0, psz="ole32.dll", len=0x9 | out: pbstr=0x73dff0*="ole32.dll") returned 1 [0269.659] CharLowerBuffW (in: lpsz="ole32.dll", cchLength=0x9 | out: lpsz="ole32.dll") returned 0x9 [0269.659] LoadLibraryExW (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x77290000 [0269.660] GetLastError () returned 0x0 [0269.660] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0269.660] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0269.660] GetModuleFileNameA (in: hModule=0x77290000, lpFilename=0x73ded4, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0269.660] GetCurrentProcess () returned 0xffffffff [0269.660] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dfd8*=0x7734d61c, NumberOfBytesToProtect=0x73dfdc, NewAccessProtection=0x4, OldAccessProtection=0x73e010 | out: BaseAddress=0x73dfd8*=0x7734d000, NumberOfBytesToProtect=0x73dfdc, OldAccessProtection=0x73e010*=0x2) returned 0x0 [0269.661] GetCurrentProcess () returned 0xffffffff [0269.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dfd8*=0x7734d61c, NumberOfBytesToProtect=0x73dfdc, NewAccessProtection=0x2, OldAccessProtection=0x73e010 | out: BaseAddress=0x73dfd8*=0x7734d000, NumberOfBytesToProtect=0x73dfdc, OldAccessProtection=0x73e010*=0x4) returned 0x0 [0269.661] GetCurrentProcess () returned 0xffffffff [0269.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dfd8*=0x7734d63c, NumberOfBytesToProtect=0x73dfdc, NewAccessProtection=0x4, OldAccessProtection=0x73e010 | out: BaseAddress=0x73dfd8*=0x7734d000, NumberOfBytesToProtect=0x73dfdc, OldAccessProtection=0x73e010*=0x2) returned 0x0 [0269.661] GetCurrentProcess () returned 0xffffffff [0269.661] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dfd8*=0x7734d63c, NumberOfBytesToProtect=0x73dfdc, NewAccessProtection=0x2, OldAccessProtection=0x73e010 | out: BaseAddress=0x73dfd8*=0x7734d000, NumberOfBytesToProtect=0x73dfdc, OldAccessProtection=0x73e010*=0x4) returned 0x0 [0269.662] SetLastError (dwErrCode=0x0) [0269.662] GetProcAddress (hModule=0x77290000, lpProcName="CoGetObjectContext") returned 0x778d63f0 [0269.666] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ec58 | out: ppv=0x73ec58*=0x968724) returned 0x0 [0270.118] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x73dc28 | out: phkResult=0x73dc28*=0x0) returned 0x2 [0270.118] RegCloseKey (hKey=0x80000002) returned 0x0 [0270.124] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalFree") returned 0x75cff490 [0270.128] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75d003c0 [0270.128] LocalAlloc (uFlags=0x0, uBytes=0x208) returned 0x994528 [0270.131] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFullPathNameW") returned 0x75d03330 [0270.131] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x104, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0270.139] GetProcAddress (hModule=0x75ce0000, lpProcName="LoadLibrary") returned 0x0 [0270.143] GetProcAddress (hModule=0x75ce0000, lpProcName="WideCharToMultiByte") returned 0x75cfdf50 [0270.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x73e3d0, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0270.143] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cbMultiByte=63, lpWideCharStr=0x73d380, cchWideChar=2047 | out: lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dlls\鿝㰙珏退珔栀ッ￿懿輽⭯轁摯鿝퀙珔씀∊) returned 63 [0270.143] SysReAllocStringLen (in: pbstr=0x73e384*=0x0, psz="wminet_utils.dll", len=0x10 | out: pbstr=0x73e384*="wminet_utils.dll") returned 1 [0270.143] CharLowerBuffW (in: lpsz="wminet_utils.dll", cchLength=0x10 | out: lpsz="wminet_utils.dll") returned 0x10 [0270.144] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6cf00000 [0270.329] GetLastError () returned 0x0 [0270.329] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0270.330] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0270.330] GetModuleFileNameA (in: hModule=0x6cf00000, lpFilename=0x73e264, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\wminet_utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")) returned 0x3e [0270.330] GetCurrentProcess () returned 0xffffffff [0270.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c078, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x4, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x2) returned 0x0 [0270.331] GetCurrentProcess () returned 0xffffffff [0270.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c078, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x2, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x4) returned 0x0 [0270.331] GetCurrentProcess () returned 0xffffffff [0270.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c07c, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x4, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x2) returned 0x0 [0270.331] GetCurrentProcess () returned 0xffffffff [0270.331] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c07c, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x2, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x4) returned 0x0 [0270.332] GetCurrentProcess () returned 0xffffffff [0270.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c088, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x4, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x2) returned 0x0 [0270.332] GetCurrentProcess () returned 0xffffffff [0270.332] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c088, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x2, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x4) returned 0x0 [0270.333] GetCurrentProcess () returned 0xffffffff [0270.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c08c, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x4, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x2) returned 0x0 [0270.333] GetCurrentProcess () returned 0xffffffff [0270.333] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c08c, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x2, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x4) returned 0x0 [0270.334] GetCurrentProcess () returned 0xffffffff [0270.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c0b4, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x4, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x2) returned 0x0 [0270.334] GetCurrentProcess () returned 0xffffffff [0270.334] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e368*=0x6cf1c0b4, NumberOfBytesToProtect=0x73e36c, NewAccessProtection=0x2, OldAccessProtection=0x73e3a0 | out: BaseAddress=0x73e368*=0x6cf1c000, NumberOfBytesToProtect=0x73e36c, OldAccessProtection=0x73e3a0*=0x4) returned 0x0 [0270.335] SetLastError (dwErrCode=0x0) [0270.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x73e404, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 13 [0270.351] GetProcAddress (hModule=0x6cf00000, lpProcName="ResetSecurity") returned 0x6cf07dd0 [0270.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x73e404, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x02ëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 11 [0270.467] GetProcAddress (hModule=0x6cf00000, lpProcName="SetSecurity") returned 0x6cf07e20 [0270.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x73e400, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 18 [0270.477] GetProcAddress (hModule=0x6cf00000, lpProcName="BlessIWbemServices") returned 0x6cf06e70 [0270.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x73e3f8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 24 [0270.562] GetProcAddress (hModule=0x6cf00000, lpProcName="BlessIWbemServicesObject") returned 0x6cf06ed0 [0270.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x73e400, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 17 [0270.591] GetProcAddress (hModule=0x6cf00000, lpProcName="GetPropertyHandle") returned 0x6cf07820 [0270.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x73e400, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 18 [0270.609] GetProcAddress (hModule=0x6cf00000, lpProcName="WritePropertyValue") returned 0x6cf07fa0 [0270.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x73e40c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 5 [0270.627] GetProcAddress (hModule=0x6cf00000, lpProcName="Clone") returned 0x6cf06f30 [0270.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x73e400, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x02ëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 15 [0270.639] GetProcAddress (hModule=0x6cf00000, lpProcName="VerifyClientKey") returned 0x6cf07f20 [0270.643] GetProcAddress (hModule=0x6cf00000, lpProcName="GetQualifierSet") returned 0x6cf078e0 [0270.644] GetProcAddress (hModule=0x6cf00000, lpProcName="Get") returned 0x6cf075c0 [0270.660] GetProcAddress (hModule=0x6cf00000, lpProcName="Put") returned 0x6cf07a00 [0270.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x73e40c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Deleteÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 6 [0270.670] GetProcAddress (hModule=0x6cf00000, lpProcName="Delete") returned 0x6cf07300 [0270.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x73e408, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 8 [0270.674] GetProcAddress (hModule=0x6cf00000, lpProcName="GetNames") returned 0x6cf077c0 [0270.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x73e400, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 16 [0270.707] GetProcAddress (hModule=0x6cf00000, lpProcName="BeginEnumeration") returned 0x6cf06e30 [0270.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x73e40c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Nextëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 4 [0270.718] GetProcAddress (hModule=0x6cf00000, lpProcName="Next") returned 0x6cf079a0 [0270.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x73e404, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 14 [0270.737] GetProcAddress (hModule=0x6cf00000, lpProcName="EndEnumeration") returned 0x6cf073c0 [0270.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x73e3f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x02ëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 23 [0270.750] GetProcAddress (hModule=0x6cf00000, lpProcName="GetPropertyQualifierSet") returned 0x6cf078b0 [0270.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x73e40c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clonemÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 5 [0270.759] GetProcAddress (hModule=0x6cf00000, lpProcName="Clone") returned 0x6cf06f30 [0270.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x73e404, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 13 [0270.893] GetProcAddress (hModule=0x6cf00000, lpProcName="GetObjectText") returned 0x6cf077f0 [0270.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x73e400, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 17 [0270.906] GetProcAddress (hModule=0x6cf00000, lpProcName="SpawnDerivedClass") returned 0x6cf07e80 [0270.907] GetProcAddress (hModule=0x6cf00000, lpProcName="SpawnInstance") returned 0x6cf07eb0 [0270.908] GetProcAddress (hModule=0x6cf00000, lpProcName="CompareTo") returned 0x6cf07020 [0270.909] GetProcAddress (hModule=0x6cf00000, lpProcName="GetPropertyOrigin") returned 0x6cf07880 [0270.911] GetProcAddress (hModule=0x6cf00000, lpProcName="InheritsFrom") returned 0x6cf07900 [0270.911] GetProcAddress (hModule=0x6cf00000, lpProcName="GetMethod") returned 0x6cf07730 [0270.913] GetProcAddress (hModule=0x6cf00000, lpProcName="PutMethod") returned 0x6cf07bf0 [0270.914] GetProcAddress (hModule=0x6cf00000, lpProcName="DeleteMethod") returned 0x6cf07320 [0270.915] GetProcAddress (hModule=0x6cf00000, lpProcName="BeginMethodEnumeration") returned 0x6cf06e50 [0270.915] GetProcAddress (hModule=0x6cf00000, lpProcName="NextMethod") returned 0x6cf079d0 [0271.130] GetProcAddress (hModule=0x6cf00000, lpProcName="EndMethodEnumeration") returned 0x6cf073e0 [0271.131] GetProcAddress (hModule=0x6cf00000, lpProcName="GetMethodQualifierSet") returned 0x6cf07790 [0271.132] GetProcAddress (hModule=0x6cf00000, lpProcName="GetMethodOrigin") returned 0x6cf07760 [0271.132] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_Get") returned 0x6cf07c80 [0271.134] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_Put") returned 0x6cf07d10 [0271.180] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_Delete") returned 0x6cf07c40 [0271.181] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_GetNames") returned 0x6cf07cb0 [0271.184] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6cf07c20 [0271.184] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_Next") returned 0x6cf07ce0 [0271.186] GetProcAddress (hModule=0x6cf00000, lpProcName="QualifierSet_EndEnumeration") returned 0x6cf07c60 [0271.186] GetProcAddress (hModule=0x6cf00000, lpProcName="GetCurrentApartmentType") returned 0x6cf078e0 [0271.189] GetProcAddress (hModule=0x6cf00000, lpProcName="GetDemultiplexedStub") returned 0x6cf075f0 [0271.192] GetProcAddress (hModule=0x6cf00000, lpProcName="CreateInstanceEnumWmi") returned 0x6cf07230 [0271.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x73e400, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 18 [0271.290] GetProcAddress (hModule=0x6cf00000, lpProcName="CreateClassEnumWmi") returned 0x6cf07160 [0271.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x73e404, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 12 [0271.292] GetProcAddress (hModule=0x6cf00000, lpProcName="ExecQueryWmi") returned 0x6cf074e0 [0271.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x73e3f8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 24 [0271.498] GetProcAddress (hModule=0x6cf00000, lpProcName="ExecNotificationQueryWmi") returned 0x6cf07400 [0271.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x73e404, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 14 [0271.500] GetProcAddress (hModule=0x6cf00000, lpProcName="PutInstanceWmi") returned 0x6cf07b10 [0271.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x73e404, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x02ëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 11 [0271.506] GetProcAddress (hModule=0x6cf00000, lpProcName="PutClassWmi") returned 0x6cf07a30 [0271.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x73e3f8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 24 [0271.508] GetProcAddress (hModule=0x6cf00000, lpProcName="CloneEnumWbemClassObject") returned 0x6cf06f50 [0271.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x73e400, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 16 [0271.527] GetProcAddress (hModule=0x6cf00000, lpProcName="ConnectServerWmi") returned 0x6cf07050 [0271.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x73e404, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfoëmÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 12 [0271.686] GetProcAddress (hModule=0x6cf00000, lpProcName="GetErrorInfo") returned 0x6cf07650 [0271.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x73e408, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Initializeÿl\x93:q\x18\x84þ…oàæs", lpUsedDefaultChar=0x0) returned 10 [0271.690] GetProcAddress (hModule=0x6cf00000, lpProcName="Initialize") returned 0x6cf07920 [0271.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73e3b8 | out: phkResult=0x73e3b8*=0x3f0) returned 0x0 [0271.697] RegQueryValueExW (in: hKey=0x3f0, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x73e3d4, lpData=0x0, lpcbData=0x73e3d0*=0x0 | out: lpType=0x73e3d4*=0x0, lpData=0x0, lpcbData=0x73e3d0*=0x0) returned 0x2 [0271.697] RegCloseKey (hKey=0x3f0) returned 0x0 [0271.698] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73ec50 | out: pAptType=0x73ec50*=1) returned 0x0 [0271.698] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73ec54 | out: ppvObject=0x73ec54*=0x0) returned 0x80004002 [0271.698] IUnknown:Release (This=0x968724) returned 0x0 [0271.884] SysReAllocStringLen (in: pbstr=0x73e7bc*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73e7bc*="kernel32") returned 1 [0271.935] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0271.935] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0271.961] GetProcAddress (hModule=0x75ce0000, lpProcName="LCMapStringEx") returned 0x75cf87a0 [0271.963] GetProcAddress (hModule=0x77290000, lpProcName="IIDFromString") returned 0x778dddc0 [0271.964] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x73e8a4 | out: lpiid=0x73e8a4) returned 0x0 [0271.967] GetProcAddress (hModule=0x77290000, lpProcName="CoGetClassObject") returned 0x778fe450 [0271.968] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73e5c0 | out: ppv=0x73e5c0*=0x989ed0) returned 0x0 [0272.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ed0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e7d8 | out: ppvObject=0x73e7d8*=0x0) returned 0x80004002 [0272.064] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ed0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e7e4 | out: ppvObject=0x73e7e4*=0x987dd0) returned 0x0 [0272.065] WbemDefPath:IUnknown:Release (This=0x989ed0) returned 0x0 [0272.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e404 | out: ppvObject=0x73e404*=0x987dd0) returned 0x0 [0272.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e3b8 | out: ppvObject=0x73e3b8*=0x0) returned 0x80004002 [0272.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73dfc0 | out: ppvObject=0x73dfc0*=0x0) returned 0x80004002 [0272.066] WbemDefPath:IUnknown:AddRef (This=0x987dd0) returned 0x3 [0272.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73dd14 | out: ppvObject=0x73dd14*=0x0) returned 0x80004002 [0272.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73dcc4 | out: ppvObject=0x73dcc4*=0x0) returned 0x80004002 [0272.066] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73dcd0 | out: ppvObject=0x73dcd0*=0x991c50) returned 0x0 [0272.066] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x991c50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73dcd8 | out: pCid=0x73dcd8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0272.067] WbemDefPath:IUnknown:Release (This=0x991c50) returned 0x3 [0272.067] GetProcAddress (hModule=0x77290000, lpProcName="CoGetContextToken") returned 0x778fe200 [0272.068] CoGetContextToken (in: pToken=0x73dd30 | out: pToken=0x73dd30) returned 0x0 [0272.068] CoGetContextToken (in: pToken=0x73e144 | out: pToken=0x73e144) returned 0x0 [0272.068] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e1c4 | out: ppvObject=0x73e1c4*=0x0) returned 0x80004002 [0272.068] WbemDefPath:IUnknown:Release (This=0x987dd0) returned 0x2 [0272.068] WbemDefPath:IUnknown:Release (This=0x987dd0) returned 0x1 [0272.069] CoGetContextToken (in: pToken=0x73eadc | out: pToken=0x73eadc) returned 0x0 [0272.069] CoGetContextToken (in: pToken=0x73ea3c | out: pToken=0x73ea3c) returned 0x0 [0272.069] WbemDefPath:IUnknown:QueryInterface (in: This=0x987dd0, riid=0x73eb0c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73eb08 | out: ppvObject=0x73eb08*=0x987dd0) returned 0x0 [0272.069] WbemDefPath:IUnknown:AddRef (This=0x987dd0) returned 0x3 [0272.069] WbemDefPath:IUnknown:Release (This=0x987dd0) returned 0x2 [0272.071] WbemDefPath:IWbemPath:SetText (This=0x987dd0, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0272.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f388 | out: puCount=0x73f388*=0x2) returned 0x0 [0272.073] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f384*=0x0, pszText=0x0 | out: puBuffLength=0x73f384*=0xf, pszText=0x0) returned 0x0 [0272.073] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0272.075] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f310 | out: ppv=0x73f310*=0x968724) returned 0x0 [0272.076] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f308 | out: pAptType=0x73f308*=1) returned 0x0 [0272.076] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f30c | out: ppvObject=0x73f30c*=0x0) returned 0x80004002 [0272.076] IUnknown:Release (This=0x968724) returned 0x0 [0272.076] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x73f214 | out: lpiid=0x73f214) returned 0x0 [0272.078] CoGetClassObject (in: rclsid=0x990794*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ef30 | out: ppv=0x73ef30*=0x992178) returned 0x0 [0272.107] WbemLocator:IUnknown:QueryInterface (in: This=0x992178, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73f148 | out: ppvObject=0x73f148*=0x0) returned 0x80004002 [0272.108] WbemLocator:IClassFactory:CreateInstance (in: This=0x992178, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f154 | out: ppvObject=0x73f154*=0x989f50) returned 0x0 [0272.108] WbemLocator:IUnknown:Release (This=0x992178) returned 0x0 [0272.108] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73ed74 | out: ppvObject=0x73ed74*=0x989f50) returned 0x0 [0272.108] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73ed28 | out: ppvObject=0x73ed28*=0x0) returned 0x80004002 [0272.108] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e930 | out: ppvObject=0x73e930*=0x0) returned 0x80004002 [0272.108] WbemLocator:IUnknown:AddRef (This=0x989f50) returned 0x3 [0272.109] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e684 | out: ppvObject=0x73e684*=0x0) returned 0x80004002 [0272.109] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e634 | out: ppvObject=0x73e634*=0x0) returned 0x80004002 [0272.109] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e640 | out: ppvObject=0x73e640*=0x0) returned 0x80004002 [0272.109] CoGetContextToken (in: pToken=0x73e6a0 | out: pToken=0x73e6a0) returned 0x0 [0272.109] GetProcAddress (hModule=0x77290000, lpProcName="CoGetObjectContext") returned 0x778d63f0 [0272.110] CoGetObjectContext (in: riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x992194 | out: ppv=0x992194*=0x968718) returned 0x0 [0272.110] CoGetContextToken (in: pToken=0x73eab4 | out: pToken=0x73eab4) returned 0x0 [0272.110] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eb34 | out: ppvObject=0x73eb34*=0x0) returned 0x80004002 [0272.111] WbemLocator:IUnknown:Release (This=0x989f50) returned 0x2 [0272.111] WbemLocator:IUnknown:Release (This=0x989f50) returned 0x1 [0272.111] CoGetContextToken (in: pToken=0x73f12c | out: pToken=0x73f12c) returned 0x0 [0272.111] CoGetContextToken (in: pToken=0x73f08c | out: pToken=0x73f08c) returned 0x0 [0272.111] WbemLocator:IUnknown:QueryInterface (in: This=0x989f50, riid=0x73f15c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73f158 | out: ppvObject=0x73f158*=0x989f50) returned 0x0 [0272.111] WbemLocator:IUnknown:AddRef (This=0x989f50) returned 0x3 [0272.111] WbemLocator:IUnknown:Release (This=0x989f50) returned 0x2 [0272.115] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f2ec | out: puCount=0x73f2ec*=0x2) returned 0x0 [0272.115] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=8, puBuffLength=0x73f2e8*=0x0, pszText=0x0 | out: puBuffLength=0x73f2e8*=0xf, pszText=0x0) returned 0x0 [0272.115] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=8, puBuffLength=0x73f2e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f2e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0272.115] CoCreateInstance (in: rclsid=0x6cf03734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6cf03794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x73f198 | out: ppv=0x73f198*=0x989ee0) returned 0x0 [0272.116] WbemLocator:IWbemLocator:ConnectServer (in: This=0x989ee0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x73f238 | out: ppNamespace=0x73f238*=0x967ed0) returned 0x0 [0274.275] SysReAllocStringLen (in: pbstr=0x73d6b0*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73d6b0*="api-ms-win-core-synch-l1-2-0") returned 1 [0274.276] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0274.276] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0274.276] GetLastError () returned 0x0 [0274.303] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.303] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.303] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73d594, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0274.393] SetLastError (dwErrCode=0x0) [0274.393] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0274.395] SysReAllocStringLen (in: pbstr=0x73d6c0*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73d6c0*="api-ms-win-core-fibers-l1-1-1") returned 1 [0274.395] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0274.395] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0274.396] GetLastError () returned 0x0 [0274.396] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.396] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.396] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73d5a4, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0274.397] SetLastError (dwErrCode=0x0) [0274.397] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0274.397] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0274.400] SysReAllocStringLen (in: pbstr=0x73d694*=0x0, psz="api-ms-win-core-synch-l1-2-0", len=0x1c | out: pbstr=0x73d694*="api-ms-win-core-synch-l1-2-0") returned 1 [0274.400] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0", cchLength=0x1c | out: lpsz="api-ms-win-core-synch-l1-2-0") returned 0x1c [0274.401] LoadLibraryExW (lpLibFileName="api-ms-win-core-synch-l1-2-0", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0274.401] GetLastError () returned 0x0 [0274.401] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.401] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.401] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73d578, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0274.402] SetLastError (dwErrCode=0x0) [0274.402] GetProcAddress (hModule=0x77580000, lpProcName="InitializeCriticalSectionEx") returned 0x776a1900 [0274.402] SysReAllocStringLen (in: pbstr=0x73d6a4*=0x0, psz="api-ms-win-core-fibers-l1-1-1", len=0x1d | out: pbstr=0x73d6a4*="api-ms-win-core-fibers-l1-1-1") returned 1 [0274.403] CharLowerBuffW (in: lpsz="api-ms-win-core-fibers-l1-1-1", cchLength=0x1d | out: lpsz="api-ms-win-core-fibers-l1-1-1") returned 0x1d [0274.403] LoadLibraryExW (lpLibFileName="api-ms-win-core-fibers-l1-1-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0274.403] GetLastError () returned 0x0 [0274.403] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.404] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.404] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73d588, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0274.404] SetLastError (dwErrCode=0x0) [0274.405] GetProcAddress (hModule=0x77580000, lpProcName="FlsAlloc") returned 0x776a7280 [0274.405] GetProcAddress (hModule=0x77580000, lpProcName="FlsGetValue") returned 0x77691270 [0274.405] GetProcAddress (hModule=0x77580000, lpProcName="FlsSetValue") returned 0x77699870 [0274.406] SysReAllocStringLen (in: pbstr=0x73cc30*=0x0, psz="api-ms-win-core-localization-l1-2-1", len=0x23 | out: pbstr=0x73cc30*="api-ms-win-core-localization-l1-2-1") returned 1 [0274.406] CharLowerBuffW (in: lpsz="api-ms-win-core-localization-l1-2-1", cchLength=0x23 | out: lpsz="api-ms-win-core-localization-l1-2-1") returned 0x23 [0274.406] LoadLibraryExW (lpLibFileName="api-ms-win-core-localization-l1-2-1", hFile=0x0, dwFlags=0x800) returned 0x77580000 [0274.407] GetLastError () returned 0x0 [0274.407] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.412] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.412] GetModuleFileNameA (in: hModule=0x77580000, lpFilename=0x73cb14, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0274.412] SetLastError (dwErrCode=0x0) [0274.412] GetProcAddress (hModule=0x77580000, lpProcName="LCMapStringEx") returned 0x7768ab10 [0274.414] SysReAllocStringLen (in: pbstr=0x73d720*=0x0, psz="api-ms-win-core-synch-l1-2-0.dll", len=0x20 | out: pbstr=0x73d720*="api-ms-win-core-synch-l1-2-0.dll") returned 1 [0274.414] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0.dll", cchLength=0x20 | out: lpsz="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0274.414] GetModuleHandleW (lpModuleName="api-ms-win-core-synch-l1-2-0.dll") returned 0x77580000 [0274.415] GetProcAddress (hModule=0x77580000, lpProcName="InitializeConditionVariable") returned 0x77da50b0 [0274.415] GetProcAddress (hModule=0x77580000, lpProcName="SleepConditionVariableCS") returned 0x777325e0 [0274.415] GetProcAddress (hModule=0x77580000, lpProcName="WakeAllConditionVariable") returned 0x77da9190 [0274.418] SysReAllocStringLen (in: pbstr=0x73d668*=0x0, psz="version.dll", len=0xb | out: pbstr=0x73d668*="version.dll") returned 1 [0274.418] CharLowerBuffW (in: lpsz="version.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0274.418] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\version.dll", hFile=0x0, dwFlags=0x8) returned 0x752b0000 [0274.418] GetLastError () returned 0x0 [0274.419] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.419] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.419] GetModuleFileNameA (in: hModule=0x752b0000, lpFilename=0x73d54c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0274.419] GetCurrentProcess () returned 0xffffffff [0274.444] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73d650*=0x752b50bc, NumberOfBytesToProtect=0x73d654, NewAccessProtection=0x4, OldAccessProtection=0x73d688 | out: BaseAddress=0x73d650*=0x752b5000, NumberOfBytesToProtect=0x73d654, OldAccessProtection=0x73d688*=0x2) returned 0x0 [0274.445] GetCurrentProcess () returned 0xffffffff [0274.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73d650*=0x752b50bc, NumberOfBytesToProtect=0x73d654, NewAccessProtection=0x2, OldAccessProtection=0x73d688 | out: BaseAddress=0x73d650*=0x752b5000, NumberOfBytesToProtect=0x73d654, OldAccessProtection=0x73d688*=0x4) returned 0x0 [0274.445] GetCurrentProcess () returned 0xffffffff [0274.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73d650*=0x752b50c8, NumberOfBytesToProtect=0x73d654, NewAccessProtection=0x4, OldAccessProtection=0x73d688 | out: BaseAddress=0x73d650*=0x752b5000, NumberOfBytesToProtect=0x73d654, OldAccessProtection=0x73d688*=0x2) returned 0x0 [0274.445] GetCurrentProcess () returned 0xffffffff [0274.445] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73d650*=0x752b50c8, NumberOfBytesToProtect=0x73d654, NewAccessProtection=0x2, OldAccessProtection=0x73d688 | out: BaseAddress=0x73d650*=0x752b5000, NumberOfBytesToProtect=0x73d654, OldAccessProtection=0x73d688*=0x4) returned 0x0 [0274.446] SetLastError (dwErrCode=0x0) [0274.446] SysReAllocStringLen (in: pbstr=0x73d6a4*=0x0, psz="version.dll", len=0xb | out: pbstr=0x73d6a4*="version.dll") returned 1 [0274.446] CharLowerBuffW (in: lpsz="version.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0274.446] GetModuleHandleW (lpModuleName="version.dll") returned 0x752b0000 [0274.447] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoSizeExW") returned 0x752b15a0 [0274.447] SysReAllocStringLen (in: pbstr=0x73d6a4*=0x0, psz="version.dll", len=0xb | out: pbstr=0x73d6a4*="version.dll") returned 1 [0274.447] CharLowerBuffW (in: lpsz="version.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0274.448] GetModuleHandleW (lpModuleName="version.dll") returned 0x752b0000 [0274.448] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoExW") returned 0x752b1580 [0274.448] SysReAllocStringLen (in: pbstr=0x73d6a4*=0x0, psz="version.dll", len=0xb | out: pbstr=0x73d6a4*="version.dll") returned 1 [0274.448] CharLowerBuffW (in: lpsz="version.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0274.449] GetModuleHandleW (lpModuleName="version.dll") returned 0x752b0000 [0274.449] GetProcAddress (hModule=0x752b0000, lpProcName="VerQueryValueW") returned 0x752b1560 [0274.456] WbemLocator:IUnknown:QueryInterface (in: This=0x967ed0, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f0bc | out: ppvObject=0x73f0bc*=0x99a570) returned 0x0 [0274.456] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x99a570, pProxy=0x967ed0, pAuthnSvc=0x73f10c, pAuthzSvc=0x73f108, pServerPrincName=0x73f100, pAuthnLevel=0x73f104, pImpLevel=0x73f0f4, pAuthInfo=0x73f0f8, pCapabilites=0x73f0fc | out: pAuthnSvc=0x73f10c*=0xa, pAuthzSvc=0x73f108*=0x0, pServerPrincName=0x73f100, pAuthnLevel=0x73f104*=0x6, pImpLevel=0x73f0f4*=0x2, pAuthInfo=0x73f0f8, pCapabilites=0x73f0fc*=0x1) returned 0x0 [0274.456] WbemLocator:IUnknown:Release (This=0x99a570) returned 0x1 [0274.456] WbemLocator:IUnknown:QueryInterface (in: This=0x967ed0, riid=0x6cf035a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f0b0 | out: ppvObject=0x73f0b0*=0x99a594) returned 0x0 [0274.456] WbemLocator:IUnknown:QueryInterface (in: This=0x967ed0, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f09c | out: ppvObject=0x73f09c*=0x99a570) returned 0x0 [0274.456] WbemLocator:IClientSecurity:SetBlanket (This=0x99a570, pProxy=0x967ed0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0274.457] WbemLocator:IUnknown:Release (This=0x99a570) returned 0x2 [0274.457] WbemLocator:IUnknown:Release (This=0x99a594) returned 0x1 [0274.457] CoTaskMemFree (pv=0x99dd18) [0274.457] WbemLocator:IUnknown:AddRef (This=0x967ed0) returned 0x2 [0274.457] WbemLocator:IUnknown:Release (This=0x989ee0) returned 0x0 [0274.458] CoGetContextToken (in: pToken=0x73e5f0 | out: pToken=0x73e5f0) returned 0x0 [0274.458] CoGetContextToken (in: pToken=0x73ea04 | out: pToken=0x73ea04) returned 0x0 [0274.458] WbemLocator:IUnknown:QueryInterface (in: This=0x967ed0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e99c | out: ppvObject=0x73e99c*=0x99a578) returned 0x0 [0274.459] WbemLocator:IRpcOptions:Query (in: This=0x99a578, pPrx=0x9921d8, dwProperty=2, pdwValue=0x73ea90 | out: pdwValue=0x73ea90) returned 0x80004002 [0274.459] WbemLocator:IUnknown:Release (This=0x99a578) returned 0x2 [0274.459] CoGetContextToken (in: pToken=0x73efd4 | out: pToken=0x73efd4) returned 0x0 [0274.459] CoGetContextToken (in: pToken=0x73ef34 | out: pToken=0x73ef34) returned 0x0 [0274.459] WbemLocator:IUnknown:QueryInterface (in: This=0x967ed0, riid=0x73f004*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x967ed0) returned 0x0 [0274.459] WbemLocator:IUnknown:Release (This=0x967ed0) returned 0x2 [0274.461] SysReAllocStringLen (in: pbstr=0x73e740*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x73e740*="oleaut32.dll") returned 1 [0274.461] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0274.461] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\oleaut32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0274.462] GetLastError () returned 0x7e [0274.462] SetLastError (dwErrCode=0x7e) [0274.469] SysReAllocStringLen (in: pbstr=0x73e740*=0x0, psz="oleaut32.dll", len=0xc | out: pbstr=0x73e740*="oleaut32.dll") returned 1 [0274.469] CharLowerBuffW (in: lpsz="oleaut32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0274.469] LoadLibraryExW (lpLibFileName="oleaut32.dll", hFile=0x0, dwFlags=0x800) returned 0x76ca0000 [0274.469] GetLastError () returned 0x0 [0274.469] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0274.470] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0274.470] GetModuleFileNameA (in: hModule=0x76ca0000, lpFilename=0x73e624, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0274.470] GetCurrentProcess () returned 0xffffffff [0274.470] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e728*=0x76d2f180, NumberOfBytesToProtect=0x73e72c, NewAccessProtection=0x4, OldAccessProtection=0x73e760 | out: BaseAddress=0x73e728*=0x76d2f000, NumberOfBytesToProtect=0x73e72c, OldAccessProtection=0x73e760*=0x2) returned 0x0 [0274.470] GetCurrentProcess () returned 0xffffffff [0274.470] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e728*=0x76d2f180, NumberOfBytesToProtect=0x73e72c, NewAccessProtection=0x2, OldAccessProtection=0x73e760 | out: BaseAddress=0x73e728*=0x76d2f000, NumberOfBytesToProtect=0x73e72c, OldAccessProtection=0x73e760*=0x4) returned 0x0 [0274.471] GetCurrentProcess () returned 0xffffffff [0274.471] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e728*=0x76d2f184, NumberOfBytesToProtect=0x73e72c, NewAccessProtection=0x4, OldAccessProtection=0x73e760 | out: BaseAddress=0x73e728*=0x76d2f000, NumberOfBytesToProtect=0x73e72c, OldAccessProtection=0x73e760*=0x2) returned 0x0 [0274.471] GetCurrentProcess () returned 0xffffffff [0274.471] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e728*=0x76d2f184, NumberOfBytesToProtect=0x73e72c, NewAccessProtection=0x2, OldAccessProtection=0x73e760 | out: BaseAddress=0x73e728*=0x76d2f000, NumberOfBytesToProtect=0x73e72c, OldAccessProtection=0x73e760*=0x4) returned 0x0 [0274.472] SetLastError (dwErrCode=0x0) [0274.472] GetProcAddress (hModule=0x76ca0000, lpProcName="SysStringLen") returned 0x76cb4510 [0274.472] SysStringLen (param_1=0x0) returned 0x0 [0274.475] GetProcAddress (hModule=0x75ce0000, lpProcName="RtlZeroMemory") returned 0x77dc59e0 [0274.476] CoGetContextToken (in: pToken=0x73f0cc | out: pToken=0x73f0cc) returned 0x0 [0274.476] IWbemServices:ExecQuery (in: This=0x967ed0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Process Where SessionId='1'", lFlags=16, pCtx=0x0, ppEnum=0x73f2f8 | out: ppEnum=0x73f2f8*=0x9a4fd8) returned 0x0 [0274.572] IUnknown:QueryInterface (in: This=0x9a4fd8, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f130 | out: ppvObject=0x73f130*=0x9a4fdc) returned 0x0 [0274.573] IClientSecurity:QueryBlanket (in: This=0x9a4fdc, pProxy=0x9a4fd8, pAuthnSvc=0x73f180, pAuthzSvc=0x73f17c, pServerPrincName=0x73f174, pAuthnLevel=0x73f178, pImpLevel=0x73f168, pAuthInfo=0x73f16c, pCapabilites=0x73f170 | out: pAuthnSvc=0x73f180*=0xa, pAuthzSvc=0x73f17c*=0x0, pServerPrincName=0x73f174, pAuthnLevel=0x73f178*=0x6, pImpLevel=0x73f168*=0x2, pAuthInfo=0x73f16c, pCapabilites=0x73f170*=0x1) returned 0x0 [0274.573] IUnknown:Release (This=0x9a4fdc) returned 0x1 [0274.573] IUnknown:QueryInterface (in: This=0x9a4fd8, riid=0x6cf035a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f124 | out: ppvObject=0x73f124*=0x999ebc) returned 0x0 [0274.573] IUnknown:QueryInterface (in: This=0x9a4fd8, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f110 | out: ppvObject=0x73f110*=0x9a4fdc) returned 0x0 [0274.573] IClientSecurity:SetBlanket (This=0x9a4fdc, pProxy=0x9a4fd8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0274.580] IUnknown:Release (This=0x9a4fdc) returned 0x2 [0274.580] WbemLocator:IUnknown:Release (This=0x999ebc) returned 0x1 [0274.580] CoTaskMemFree (pv=0x99de08) [0274.580] IUnknown:AddRef (This=0x9a4fd8) returned 0x2 [0274.580] CoGetContextToken (in: pToken=0x73e650 | out: pToken=0x73e650) returned 0x0 [0274.581] CoGetContextToken (in: pToken=0x73ea64 | out: pToken=0x73ea64) returned 0x0 [0274.581] IUnknown:QueryInterface (in: This=0x9a4fd8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9fc | out: ppvObject=0x73e9fc*=0x999ea0) returned 0x0 [0274.581] WbemLocator:IRpcOptions:Query (in: This=0x999ea0, pPrx=0x992388, dwProperty=2, pdwValue=0x73eaf0 | out: pdwValue=0x73eaf0) returned 0x80004002 [0274.581] WbemLocator:IUnknown:Release (This=0x999ea0) returned 0x2 [0274.581] CoGetContextToken (in: pToken=0x73f034 | out: pToken=0x73f034) returned 0x0 [0274.581] CoGetContextToken (in: pToken=0x73ef94 | out: pToken=0x73ef94) returned 0x0 [0274.581] IUnknown:QueryInterface (in: This=0x9a4fd8, riid=0x73f064*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x73ef30 | out: ppvObject=0x73ef30*=0x9a4fd8) returned 0x0 [0274.582] IUnknown:Release (This=0x9a4fd8) returned 0x2 [0274.582] SysStringLen (param_1=0x0) returned 0x0 [0274.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f344 | out: puCount=0x73f344*=0x2) returned 0x0 [0274.582] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f340*=0x0, pszText=0x0 | out: puBuffLength=0x73f340*=0xf, pszText=0x0) returned 0x0 [0274.582] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f340*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f340*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0274.583] CoGetContextToken (in: pToken=0x73f19c | out: pToken=0x73f19c) returned 0x0 [0274.586] IEnumWbemClassObject:Clone (in: This=0x9a4fd8, ppEnum=0x73f350 | out: ppEnum=0x73f350*=0x9a66c0) returned 0x0 [0274.673] IUnknown:QueryInterface (in: This=0x9a66c0, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f20c | out: ppvObject=0x73f20c*=0x9a66c4) returned 0x0 [0274.674] IClientSecurity:QueryBlanket (in: This=0x9a66c4, pProxy=0x9a66c0, pAuthnSvc=0x73f25c, pAuthzSvc=0x73f258, pServerPrincName=0x73f250, pAuthnLevel=0x73f254, pImpLevel=0x73f244, pAuthInfo=0x73f248, pCapabilites=0x73f24c | out: pAuthnSvc=0x73f25c*=0xa, pAuthzSvc=0x73f258*=0x0, pServerPrincName=0x73f250, pAuthnLevel=0x73f254*=0x6, pImpLevel=0x73f244*=0x2, pAuthInfo=0x73f248, pCapabilites=0x73f24c*=0x1) returned 0x0 [0274.674] IUnknown:Release (This=0x9a66c4) returned 0x1 [0274.674] IUnknown:QueryInterface (in: This=0x9a66c0, riid=0x6cf035a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9a65dc) returned 0x0 [0274.674] IUnknown:QueryInterface (in: This=0x9a66c0, riid=0x6cf035b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73f1ec | out: ppvObject=0x73f1ec*=0x9a66c4) returned 0x0 [0274.674] IClientSecurity:SetBlanket (This=0x9a66c4, pProxy=0x9a66c0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0274.677] IUnknown:Release (This=0x9a66c4) returned 0x2 [0274.677] WbemLocator:IUnknown:Release (This=0x9a65dc) returned 0x1 [0274.677] CoTaskMemFree (pv=0x99dec8) [0274.677] IUnknown:AddRef (This=0x9a66c0) returned 0x2 [0274.678] CoGetContextToken (in: pToken=0x73e71c | out: pToken=0x73e71c) returned 0x0 [0274.678] CoGetContextToken (in: pToken=0x73eb2c | out: pToken=0x73eb2c) returned 0x0 [0274.678] IUnknown:QueryInterface (in: This=0x9a66c0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eac8 | out: ppvObject=0x73eac8*=0x9a65c0) returned 0x0 [0274.678] WbemLocator:IRpcOptions:Query (in: This=0x9a65c0, pPrx=0x992280, dwProperty=2, pdwValue=0x73ebbc | out: pdwValue=0x73ebbc) returned 0x80004002 [0274.678] WbemLocator:IUnknown:Release (This=0x9a65c0) returned 0x2 [0274.678] CoGetContextToken (in: pToken=0x73f0fc | out: pToken=0x73f0fc) returned 0x0 [0274.678] CoGetContextToken (in: pToken=0x73f05c | out: pToken=0x73f05c) returned 0x0 [0274.678] IUnknown:QueryInterface (in: This=0x9a66c0, riid=0x73f12c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x73eff8 | out: ppvObject=0x73eff8*=0x9a66c0) returned 0x0 [0274.679] IUnknown:Release (This=0x9a66c0) returned 0x2 [0274.679] SysStringLen (param_1=0x0) returned 0x0 [0274.680] IEnumWbemClassObject:Reset (This=0x9a66c0) returned 0x0 [0274.686] GetProcAddress (hModule=0x77290000, lpProcName="CoTaskMemAlloc") returned 0x778e1e30 [0274.686] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0274.687] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9a9f90, puReturned=0x2f500f0*=0x1) returned 0x0 [0275.395] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9a9f90) returned 0x0 [0275.395] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0275.395] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0275.395] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0275.396] IUnknown:AddRef (This=0x9a9f90) returned 0x3 [0275.396] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0275.396] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0275.396] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9a9f94) returned 0x0 [0275.396] IMarshal:GetUnmarshalClass (in: This=0x9a9f94, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0275.396] IUnknown:Release (This=0x9a9f94) returned 0x3 [0275.396] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0275.396] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0275.397] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0275.397] IUnknown:Release (This=0x9a9f90) returned 0x2 [0275.397] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0275.397] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0275.397] IUnknown:QueryInterface (in: This=0x9a9f90, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9a9f90) returned 0x0 [0275.397] IUnknown:AddRef (This=0x9a9f90) returned 0x4 [0275.397] IUnknown:Release (This=0x9a9f90) returned 0x3 [0275.397] IUnknown:Release (This=0x9a9f90) returned 0x2 [0275.398] GetProcAddress (hModule=0x77290000, lpProcName="CoTaskMemFree") returned 0x778e1fb0 [0275.399] CoTaskMemFree (pv=0x989c90) [0275.399] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0275.399] IUnknown:AddRef (This=0x9a9f90) returned 0x3 [0275.401] SysReAllocStringLen (in: pbstr=0x73ebb4*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x73ebb4*="OLEAUT32.dll") returned 1 [0275.401] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0275.401] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\OLEAUT32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0275.402] GetLastError () returned 0x7e [0275.402] SetLastError (dwErrCode=0x7e) [0275.402] SysReAllocStringLen (in: pbstr=0x73ebb4*=0x0, psz="OLEAUT32.dll", len=0xc | out: pbstr=0x73ebb4*="OLEAUT32.dll") returned 1 [0275.402] CharLowerBuffW (in: lpsz="OLEAUT32.dll", cchLength=0xc | out: lpsz="oleaut32.dll") returned 0xc [0275.403] LoadLibraryExW (lpLibFileName="OLEAUT32.dll", hFile=0x0, dwFlags=0x800) returned 0x76ca0000 [0275.403] GetLastError () returned 0x0 [0275.403] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0275.403] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0275.403] GetModuleFileNameA (in: hModule=0x76ca0000, lpFilename=0x73ea98, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0275.404] GetCurrentProcess () returned 0xffffffff [0275.404] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73eb9c*=0x76d2f180, NumberOfBytesToProtect=0x73eba0, NewAccessProtection=0x4, OldAccessProtection=0x73ebd4 | out: BaseAddress=0x73eb9c*=0x76d2f000, NumberOfBytesToProtect=0x73eba0, OldAccessProtection=0x73ebd4*=0x2) returned 0x0 [0275.404] GetCurrentProcess () returned 0xffffffff [0275.404] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73eb9c*=0x76d2f180, NumberOfBytesToProtect=0x73eba0, NewAccessProtection=0x2, OldAccessProtection=0x73ebd4 | out: BaseAddress=0x73eb9c*=0x76d2f000, NumberOfBytesToProtect=0x73eba0, OldAccessProtection=0x73ebd4*=0x4) returned 0x0 [0275.405] GetCurrentProcess () returned 0xffffffff [0275.405] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73eb9c*=0x76d2f184, NumberOfBytesToProtect=0x73eba0, NewAccessProtection=0x4, OldAccessProtection=0x73ebd4 | out: BaseAddress=0x73eb9c*=0x76d2f000, NumberOfBytesToProtect=0x73eba0, OldAccessProtection=0x73ebd4*=0x2) returned 0x0 [0275.405] GetCurrentProcess () returned 0xffffffff [0275.405] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73eb9c*=0x76d2f184, NumberOfBytesToProtect=0x73eba0, NewAccessProtection=0x2, OldAccessProtection=0x73ebd4 | out: BaseAddress=0x73eb9c*=0x76d2f000, NumberOfBytesToProtect=0x73eba0, OldAccessProtection=0x73ebd4*=0x4) returned 0x0 [0275.406] SetLastError (dwErrCode=0x0) [0275.406] GetProcAddress (hModule=0x76ca0000, lpProcName=0x9) returned 0x76cbe960 [0275.407] IWbemClassObject:Get (in: This=0x9a9f90, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0275.410] IWbemClassObject:Get (in: This=0x9a9f90, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"528\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0275.412] GetProcAddress (hModule=0x76ca0000, lpProcName=0x95) returned 0x76cb6400 [0275.412] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"528\"") returned 0x64 [0275.413] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"528\"") returned 0x64 [0275.413] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0275.414] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0275.414] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0275.414] IUnknown:Release (This=0x968724) returned 0x1 [0275.418] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989db0) returned 0x0 [0275.419] WbemDefPath:IUnknown:QueryInterface (in: This=0x989db0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0275.419] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989db0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99c8a0) returned 0x0 [0275.419] WbemDefPath:IUnknown:Release (This=0x989db0) returned 0x0 [0275.419] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99c8a0) returned 0x0 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0275.420] WbemDefPath:IUnknown:AddRef (This=0x99c8a0) returned 0x3 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x992328) returned 0x0 [0275.420] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x992328, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0275.420] WbemDefPath:IUnknown:Release (This=0x992328) returned 0x3 [0275.420] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0275.420] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0275.420] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0275.421] WbemDefPath:IUnknown:Release (This=0x99c8a0) returned 0x2 [0275.421] WbemDefPath:IUnknown:Release (This=0x99c8a0) returned 0x1 [0275.421] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0275.421] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0275.421] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c8a0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99c8a0) returned 0x0 [0275.421] WbemDefPath:IUnknown:AddRef (This=0x99c8a0) returned 0x3 [0275.421] WbemDefPath:IUnknown:Release (This=0x99c8a0) returned 0x2 [0275.421] WbemDefPath:IWbemPath:SetText (This=0x99c8a0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"528\"") returned 0x0 [0275.421] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0275.421] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0275.421] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0275.422] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0275.422] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0275.422] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0275.423] IWbemClassObject:Get (in: This=0x9a9f90, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50a20*=0, plFlavor=0x2f50a24*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x210, varVal2=0x0), pType=0x2f50a20*=19, plFlavor=0x2f50a24*=0) returned 0x0 [0275.423] IWbemClassObject:Get (in: This=0x9a9f90, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50a20*=19, plFlavor=0x2f50a24*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x210, varVal2=0x0), pType=0x2f50a20*=19, plFlavor=0x2f50a24*=0) returned 0x0 [0276.124] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.124] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.124] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.124] IWbemClassObject:Get (in: This=0x9a9f90, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50d74*=0, plFlavor=0x2f50d78*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x2f50d74*=8, plFlavor=0x2f50d78*=0) returned 0x0 [0276.124] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0276.124] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0276.124] IWbemClassObject:Get (in: This=0x9a9f90, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50d74*=8, plFlavor=0x2f50d78*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="csrss.exe", varVal2=0x0), pType=0x2f50d74*=8, plFlavor=0x2f50d78*=0) returned 0x0 [0276.125] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0276.125] SysStringByteLen (bstr="csrss.exe") returned 0x12 [0276.125] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.125] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.125] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.125] IWbemClassObject:Get (in: This=0x9a9f90, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50ea8*=0, plFlavor=0x2f50eac*=0 | out: pVal=0x73f344*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50ea8*=8, plFlavor=0x2f50eac*=32) returned 0x0 [0276.126] IWbemClassObject:Get (in: This=0x9a9f90, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50ea8*=8, plFlavor=0x2f50eac*=32 | out: pVal=0x73f34c*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f50ea8*=8, plFlavor=0x2f50eac*=32) returned 0x0 [0276.126] CoTaskMemAlloc (cb=0x4) returned 0x989d70 [0276.126] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d70, puReturned=0x2f500f0 | out: apObjects=0x989d70*=0x9a8410, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9a8410) returned 0x0 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.128] IUnknown:AddRef (This=0x9a8410) returned 0x3 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.128] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9a8414) returned 0x0 [0276.129] IMarshal:GetUnmarshalClass (in: This=0x9a8414, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.129] IUnknown:Release (This=0x9a8414) returned 0x3 [0276.129] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.129] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.129] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.129] IUnknown:Release (This=0x9a8410) returned 0x2 [0276.129] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.129] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.129] IUnknown:QueryInterface (in: This=0x9a8410, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9a8410) returned 0x0 [0276.129] IUnknown:AddRef (This=0x9a8410) returned 0x4 [0276.129] IUnknown:Release (This=0x9a8410) returned 0x3 [0276.129] IUnknown:Release (This=0x9a8410) returned 0x2 [0276.129] CoTaskMemFree (pv=0x989d70) [0276.130] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.130] IUnknown:AddRef (This=0x9a8410) returned 0x3 [0276.130] IWbemClassObject:Get (in: This=0x9a8410, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.130] IWbemClassObject:Get (in: This=0x9a8410, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"588\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.130] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"588\"") returned 0x64 [0276.130] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"588\"") returned 0x64 [0276.130] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.130] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.130] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.130] IUnknown:Release (This=0x968724) returned 0x1 [0276.132] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0276.132] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.132] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99ca60) returned 0x0 [0276.132] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0276.132] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99ca60) returned 0x0 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.133] WbemDefPath:IUnknown:AddRef (This=0x99ca60) returned 0x3 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9a81f0) returned 0x0 [0276.133] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9a81f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.133] WbemDefPath:IUnknown:Release (This=0x9a81f0) returned 0x3 [0276.133] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.133] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.133] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.133] WbemDefPath:IUnknown:Release (This=0x99ca60) returned 0x2 [0276.133] WbemDefPath:IUnknown:Release (This=0x99ca60) returned 0x1 [0276.134] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.134] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.134] WbemDefPath:IUnknown:QueryInterface (in: This=0x99ca60, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99ca60) returned 0x0 [0276.134] WbemDefPath:IUnknown:AddRef (This=0x99ca60) returned 0x3 [0276.134] WbemDefPath:IUnknown:Release (This=0x99ca60) returned 0x2 [0276.134] WbemDefPath:IWbemPath:SetText (This=0x99ca60, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"588\"") returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.134] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.135] IWbemClassObject:Get (in: This=0x9a8410, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f517cc*=0, plFlavor=0x2f517d0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24c, varVal2=0x0), pType=0x2f517cc*=19, plFlavor=0x2f517d0*=0) returned 0x0 [0276.135] IWbemClassObject:Get (in: This=0x9a8410, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f517cc*=19, plFlavor=0x2f517d0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x24c, varVal2=0x0), pType=0x2f517cc*=19, plFlavor=0x2f517d0*=0) returned 0x0 [0276.135] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.135] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.135] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.136] IWbemClassObject:Get (in: This=0x9a8410, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f518cc*=0, plFlavor=0x2f518d0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x2f518cc*=8, plFlavor=0x2f518d0*=0) returned 0x0 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] IWbemClassObject:Get (in: This=0x9a8410, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f518cc*=8, plFlavor=0x2f518d0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x2f518cc*=8, plFlavor=0x2f518d0*=0) returned 0x0 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.136] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.136] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.136] IWbemClassObject:Get (in: This=0x9a8410, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f51a10*=0, plFlavor=0x2f51a14*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x2f51a10*=8, plFlavor=0x2f51a14*=0) returned 0x0 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] IWbemClassObject:Get (in: This=0x9a8410, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f51a10*=8, plFlavor=0x2f51a14*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winlogon.exe", varVal2=0x0), pType=0x2f51a10*=8, plFlavor=0x2f51a14*=0) returned 0x0 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.136] SysStringByteLen (bstr="winlogon.exe") returned 0x18 [0276.137] CoTaskMemAlloc (cb=0x4) returned 0x989d80 [0276.137] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d80, puReturned=0x2f500f0 | out: apObjects=0x989d80*=0x9a8870, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.138] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9a8870) returned 0x0 [0276.138] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.138] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.138] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.138] IUnknown:AddRef (This=0x9a8870) returned 0x3 [0276.139] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.139] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.139] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9a8874) returned 0x0 [0276.139] IMarshal:GetUnmarshalClass (in: This=0x9a8874, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.139] IUnknown:Release (This=0x9a8874) returned 0x3 [0276.139] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.139] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.139] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.139] IUnknown:Release (This=0x9a8870) returned 0x2 [0276.139] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.139] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.139] IUnknown:QueryInterface (in: This=0x9a8870, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9a8870) returned 0x0 [0276.139] IUnknown:AddRef (This=0x9a8870) returned 0x4 [0276.139] IUnknown:Release (This=0x9a8870) returned 0x3 [0276.139] IUnknown:Release (This=0x9a8870) returned 0x2 [0276.139] CoTaskMemFree (pv=0x989d80) [0276.139] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.139] IUnknown:AddRef (This=0x9a8870) returned 0x3 [0276.140] IWbemClassObject:Get (in: This=0x9a8870, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.140] IWbemClassObject:Get (in: This=0x9a8870, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"716\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.140] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"716\"") returned 0x64 [0276.140] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"716\"") returned 0x64 [0276.140] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.140] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.140] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.140] IUnknown:Release (This=0x968724) returned 0x1 [0276.143] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0276.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.143] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99c910) returned 0x0 [0276.143] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0276.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99c910) returned 0x0 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.144] WbemDefPath:IUnknown:AddRef (This=0x99c910) returned 0x3 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9a7fb0) returned 0x0 [0276.144] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9a7fb0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.144] WbemDefPath:IUnknown:Release (This=0x9a7fb0) returned 0x3 [0276.144] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.144] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.144] WbemDefPath:IUnknown:Release (This=0x99c910) returned 0x2 [0276.144] WbemDefPath:IUnknown:Release (This=0x99c910) returned 0x1 [0276.144] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.144] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x99c910, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99c910) returned 0x0 [0276.145] WbemDefPath:IUnknown:AddRef (This=0x99c910) returned 0x3 [0276.145] WbemDefPath:IUnknown:Release (This=0x99c910) returned 0x2 [0276.145] WbemDefPath:IWbemPath:SetText (This=0x99c910, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"716\"") returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.145] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.145] IWbemClassObject:Get (in: This=0x9a8870, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52394*=0, plFlavor=0x2f52398*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2cc, varVal2=0x0), pType=0x2f52394*=19, plFlavor=0x2f52398*=0) returned 0x0 [0276.145] IWbemClassObject:Get (in: This=0x9a8870, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52394*=19, plFlavor=0x2f52398*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2cc, varVal2=0x0), pType=0x2f52394*=19, plFlavor=0x2f52398*=0) returned 0x0 [0276.146] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.146] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.146] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.146] IWbemClassObject:Get (in: This=0x9a8870, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52494*=0, plFlavor=0x2f52498*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fontdrvhost.exe", varVal2=0x0), pType=0x2f52494*=8, plFlavor=0x2f52498*=0) returned 0x0 [0276.146] SysStringByteLen (bstr="fontdrvhost.exe") returned 0x1e [0276.146] SysStringByteLen (bstr="fontdrvhost.exe") returned 0x1e [0276.146] IWbemClassObject:Get (in: This=0x9a8870, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52494*=8, plFlavor=0x2f52498*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fontdrvhost.exe", varVal2=0x0), pType=0x2f52494*=8, plFlavor=0x2f52498*=0) returned 0x0 [0276.146] SysStringByteLen (bstr="fontdrvhost.exe") returned 0x1e [0276.146] SysStringByteLen (bstr="fontdrvhost.exe") returned 0x1e [0276.146] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.146] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.146] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.146] IWbemClassObject:Get (in: This=0x9a8870, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f525e0*=0, plFlavor=0x2f525e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"fontdrvhost.exe\"", varVal2=0x0), pType=0x2f525e0*=8, plFlavor=0x2f525e4*=0) returned 0x0 [0276.146] SysStringByteLen (bstr="\"fontdrvhost.exe\"") returned 0x22 [0276.146] SysStringByteLen (bstr="\"fontdrvhost.exe\"") returned 0x22 [0276.146] IWbemClassObject:Get (in: This=0x9a8870, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f525e0*=8, plFlavor=0x2f525e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"fontdrvhost.exe\"", varVal2=0x0), pType=0x2f525e0*=8, plFlavor=0x2f525e4*=0) returned 0x0 [0276.147] SysStringByteLen (bstr="\"fontdrvhost.exe\"") returned 0x22 [0276.147] SysStringByteLen (bstr="\"fontdrvhost.exe\"") returned 0x22 [0276.147] CoTaskMemAlloc (cb=0x4) returned 0x989d80 [0276.147] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d80, puReturned=0x2f500f0 | out: apObjects=0x989d80*=0x9a9c90, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.307] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9a9c90) returned 0x0 [0276.308] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.405] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.405] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.406] IUnknown:AddRef (This=0x9a9c90) returned 0x3 [0276.406] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.406] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.406] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9a9c94) returned 0x0 [0276.406] IMarshal:GetUnmarshalClass (in: This=0x9a9c94, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.406] IUnknown:Release (This=0x9a9c94) returned 0x3 [0276.406] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.407] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.407] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.407] IUnknown:Release (This=0x9a9c90) returned 0x2 [0276.407] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.407] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.407] IUnknown:QueryInterface (in: This=0x9a9c90, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9a9c90) returned 0x0 [0276.407] IUnknown:AddRef (This=0x9a9c90) returned 0x4 [0276.407] IUnknown:Release (This=0x9a9c90) returned 0x3 [0276.407] IUnknown:Release (This=0x9a9c90) returned 0x2 [0276.407] CoTaskMemFree (pv=0x989d80) [0276.407] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.407] IUnknown:AddRef (This=0x9a9c90) returned 0x3 [0276.407] IWbemClassObject:Get (in: This=0x9a9c90, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.408] IWbemClassObject:Get (in: This=0x9a9c90, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"920\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.408] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"920\"") returned 0x64 [0276.408] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"920\"") returned 0x64 [0276.408] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.408] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.409] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.409] IUnknown:Release (This=0x968724) returned 0x1 [0276.411] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cd0) returned 0x0 [0276.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.411] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99cd70) returned 0x0 [0276.411] WbemDefPath:IUnknown:Release (This=0x989cd0) returned 0x0 [0276.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99cd70) returned 0x0 [0276.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.411] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.412] WbemDefPath:IUnknown:AddRef (This=0x99cd70) returned 0x3 [0276.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9a8388) returned 0x0 [0276.412] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9a8388, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.412] WbemDefPath:IUnknown:Release (This=0x9a8388) returned 0x3 [0276.412] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.412] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.412] WbemDefPath:IUnknown:Release (This=0x99cd70) returned 0x2 [0276.412] WbemDefPath:IUnknown:Release (This=0x99cd70) returned 0x1 [0276.412] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.412] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.412] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cd70, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99cd70) returned 0x0 [0276.413] WbemDefPath:IUnknown:AddRef (This=0x99cd70) returned 0x3 [0276.413] WbemDefPath:IUnknown:Release (This=0x99cd70) returned 0x2 [0276.413] WbemDefPath:IWbemPath:SetText (This=0x99cd70, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"920\"") returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.413] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.413] IWbemClassObject:Get (in: This=0x9a9c90, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52f78*=0, plFlavor=0x2f52f7c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x398, varVal2=0x0), pType=0x2f52f78*=19, plFlavor=0x2f52f7c*=0) returned 0x0 [0276.413] IWbemClassObject:Get (in: This=0x9a9c90, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f52f78*=19, plFlavor=0x2f52f7c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x398, varVal2=0x0), pType=0x2f52f78*=19, plFlavor=0x2f52f7c*=0) returned 0x0 [0276.414] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.414] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.414] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.414] IWbemClassObject:Get (in: This=0x9a9c90, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53078*=0, plFlavor=0x2f5307c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x2f53078*=8, plFlavor=0x2f5307c*=0) returned 0x0 [0276.414] SysStringByteLen (bstr="dwm.exe") returned 0xe [0276.414] SysStringByteLen (bstr="dwm.exe") returned 0xe [0276.414] IWbemClassObject:Get (in: This=0x9a9c90, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53078*=8, plFlavor=0x2f5307c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="dwm.exe", varVal2=0x0), pType=0x2f53078*=8, plFlavor=0x2f5307c*=0) returned 0x0 [0276.414] SysStringByteLen (bstr="dwm.exe") returned 0xe [0276.414] SysStringByteLen (bstr="dwm.exe") returned 0xe [0276.414] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.414] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.414] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.415] IWbemClassObject:Get (in: This=0x9a9c90, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f531a4*=0, plFlavor=0x2f531a8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"dwm.exe\"", varVal2=0x0), pType=0x2f531a4*=8, plFlavor=0x2f531a8*=0) returned 0x0 [0276.415] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0276.415] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0276.415] IWbemClassObject:Get (in: This=0x9a9c90, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f531a4*=8, plFlavor=0x2f531a8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"dwm.exe\"", varVal2=0x0), pType=0x2f531a4*=8, plFlavor=0x2f531a8*=0) returned 0x0 [0276.415] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0276.415] SysStringByteLen (bstr="\"dwm.exe\"") returned 0x12 [0276.415] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0276.415] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9aec10, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.448] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9aec10) returned 0x0 [0276.448] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.448] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.448] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.461] IUnknown:AddRef (This=0x9aec10) returned 0x3 [0276.461] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.461] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.461] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9aec14) returned 0x0 [0276.461] IMarshal:GetUnmarshalClass (in: This=0x9aec14, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.461] IUnknown:Release (This=0x9aec14) returned 0x3 [0276.461] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.461] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.461] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.462] IUnknown:Release (This=0x9aec10) returned 0x2 [0276.462] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.462] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.462] IUnknown:QueryInterface (in: This=0x9aec10, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9aec10) returned 0x0 [0276.462] IUnknown:AddRef (This=0x9aec10) returned 0x4 [0276.462] IUnknown:Release (This=0x9aec10) returned 0x3 [0276.462] IUnknown:Release (This=0x9aec10) returned 0x2 [0276.462] CoTaskMemFree (pv=0x989d90) [0276.462] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.462] IUnknown:AddRef (This=0x9aec10) returned 0x3 [0276.462] IWbemClassObject:Get (in: This=0x9aec10, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.463] IWbemClassObject:Get (in: This=0x9aec10, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2272\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.463] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2272\"") returned 0x66 [0276.463] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2272\"") returned 0x66 [0276.463] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.463] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.463] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.463] IUnknown:Release (This=0x968724) returned 0x1 [0276.467] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0276.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.467] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d470) returned 0x0 [0276.467] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0276.467] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d470) returned 0x0 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.468] WbemDefPath:IUnknown:AddRef (This=0x99d470) returned 0x3 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9a7de8) returned 0x0 [0276.468] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9a7de8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.468] WbemDefPath:IUnknown:Release (This=0x9a7de8) returned 0x3 [0276.468] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.468] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.468] WbemDefPath:IUnknown:Release (This=0x99d470) returned 0x2 [0276.468] WbemDefPath:IUnknown:Release (This=0x99d470) returned 0x1 [0276.469] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.469] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d470, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d470) returned 0x0 [0276.469] WbemDefPath:IUnknown:AddRef (This=0x99d470) returned 0x3 [0276.469] WbemDefPath:IUnknown:Release (This=0x99d470) returned 0x2 [0276.469] WbemDefPath:IWbemPath:SetText (This=0x99d470, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2272\"") returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.469] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.469] IWbemClassObject:Get (in: This=0x9aec10, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53afc*=0, plFlavor=0x2f53b00*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8e0, varVal2=0x0), pType=0x2f53afc*=19, plFlavor=0x2f53b00*=0) returned 0x0 [0276.469] IWbemClassObject:Get (in: This=0x9aec10, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53afc*=19, plFlavor=0x2f53b00*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8e0, varVal2=0x0), pType=0x2f53afc*=19, plFlavor=0x2f53b00*=0) returned 0x0 [0276.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.470] IWbemClassObject:Get (in: This=0x9aec10, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53c00*=0, plFlavor=0x2f53c04*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x2f53c00*=8, plFlavor=0x2f53c04*=0) returned 0x0 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.470] IWbemClassObject:Get (in: This=0x9aec10, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53c00*=8, plFlavor=0x2f53c04*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x2f53c00*=8, plFlavor=0x2f53c04*=0) returned 0x0 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.470] IWbemClassObject:Get (in: This=0x9aec10, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53d3c*=0, plFlavor=0x2f53d40*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x2f53d3c*=8, plFlavor=0x2f53d40*=0) returned 0x0 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.470] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.471] IWbemClassObject:Get (in: This=0x9aec10, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f53d3c*=8, plFlavor=0x2f53d40*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sihost.exe", varVal2=0x0), pType=0x2f53d3c*=8, plFlavor=0x2f53d40*=0) returned 0x0 [0276.471] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.471] SysStringByteLen (bstr="sihost.exe") returned 0x14 [0276.471] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0276.471] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9af060, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.472] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9af060) returned 0x0 [0276.472] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.472] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.472] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.473] IUnknown:AddRef (This=0x9af060) returned 0x3 [0276.473] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.473] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.473] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9af064) returned 0x0 [0276.473] IMarshal:GetUnmarshalClass (in: This=0x9af064, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.473] IUnknown:Release (This=0x9af064) returned 0x3 [0276.473] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.473] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.473] IUnknown:QueryInterface (in: This=0x9af060, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.473] IUnknown:Release (This=0x9af060) returned 0x2 [0276.473] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.473] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.473] IUnknown:QueryInterface (in: This=0x9af060, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9af060) returned 0x0 [0276.473] IUnknown:AddRef (This=0x9af060) returned 0x4 [0276.473] IUnknown:Release (This=0x9af060) returned 0x3 [0276.473] IUnknown:Release (This=0x9af060) returned 0x2 [0276.473] CoTaskMemFree (pv=0x989e50) [0276.474] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.474] IUnknown:AddRef (This=0x9af060) returned 0x3 [0276.474] IWbemClassObject:Get (in: This=0x9af060, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.474] IWbemClassObject:Get (in: This=0x9af060, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2288\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.474] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0276.474] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x66 [0276.474] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.474] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.474] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.474] IUnknown:Release (This=0x968724) returned 0x1 [0276.476] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e30) returned 0x0 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.477] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d320) returned 0x0 [0276.477] WbemDefPath:IUnknown:Release (This=0x989e30) returned 0x0 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d320) returned 0x0 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.477] WbemDefPath:IUnknown:AddRef (This=0x99d320) returned 0x3 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.477] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9a7f08) returned 0x0 [0276.477] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9a7f08, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.477] WbemDefPath:IUnknown:Release (This=0x9a7f08) returned 0x3 [0276.478] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.478] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.478] WbemDefPath:IUnknown:Release (This=0x99d320) returned 0x2 [0276.478] WbemDefPath:IUnknown:Release (This=0x99d320) returned 0x1 [0276.478] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.478] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.478] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d320, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d320) returned 0x0 [0276.478] WbemDefPath:IUnknown:AddRef (This=0x99d320) returned 0x3 [0276.478] WbemDefPath:IUnknown:Release (This=0x99d320) returned 0x2 [0276.478] WbemDefPath:IWbemPath:SetText (This=0x99d320, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2288\"") returned 0x0 [0276.478] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.478] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.479] IWbemClassObject:Get (in: This=0x9af060, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f546dc*=0, plFlavor=0x2f546e0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8f0, varVal2=0x0), pType=0x2f546dc*=19, plFlavor=0x2f546e0*=0) returned 0x0 [0276.479] IWbemClassObject:Get (in: This=0x9af060, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f546dc*=19, plFlavor=0x2f546e0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8f0, varVal2=0x0), pType=0x2f546dc*=19, plFlavor=0x2f546e0*=0) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.479] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.480] IWbemClassObject:Get (in: This=0x9af060, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f547e0*=0, plFlavor=0x2f547e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x2f547e0*=8, plFlavor=0x2f547e4*=0) returned 0x0 [0276.480] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.480] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.506] IWbemClassObject:Get (in: This=0x9af060, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f547e0*=8, plFlavor=0x2f547e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x2f547e0*=8, plFlavor=0x2f547e4*=0) returned 0x0 [0276.506] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.506] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.506] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.506] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.506] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.506] IWbemClassObject:Get (in: This=0x9af060, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5491c*=0, plFlavor=0x2f54920*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup", varVal2=0x0), pType=0x2f5491c*=8, plFlavor=0x2f54920*=0) returned 0x0 [0276.506] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0276.506] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0276.506] IWbemClassObject:Get (in: This=0x9af060, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5491c*=8, plFlavor=0x2f54920*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup", varVal2=0x0), pType=0x2f5491c*=8, plFlavor=0x2f54920*=0) returned 0x0 [0276.506] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0276.506] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k UnistackSvcGroup") returned 0x66 [0276.506] CoTaskMemAlloc (cb=0x4) returned 0x989db0 [0276.506] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989db0, puReturned=0x2f500f0 | out: apObjects=0x989db0*=0x9ac130, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.508] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ac130) returned 0x0 [0276.508] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.508] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.508] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.508] IUnknown:AddRef (This=0x9ac130) returned 0x3 [0276.508] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.509] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.509] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ac134) returned 0x0 [0276.509] IMarshal:GetUnmarshalClass (in: This=0x9ac134, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.509] IUnknown:Release (This=0x9ac134) returned 0x3 [0276.509] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.509] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.509] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.509] IUnknown:Release (This=0x9ac130) returned 0x2 [0276.509] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.509] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.509] IUnknown:QueryInterface (in: This=0x9ac130, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ac130) returned 0x0 [0276.509] IUnknown:AddRef (This=0x9ac130) returned 0x4 [0276.509] IUnknown:Release (This=0x9ac130) returned 0x3 [0276.509] IUnknown:Release (This=0x9ac130) returned 0x2 [0276.509] CoTaskMemFree (pv=0x989db0) [0276.509] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.509] IUnknown:AddRef (This=0x9ac130) returned 0x3 [0276.510] IWbemClassObject:Get (in: This=0x9ac130, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.510] IWbemClassObject:Get (in: This=0x9ac130, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2372\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.510] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0276.510] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x66 [0276.510] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.510] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.510] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.510] IUnknown:Release (This=0x968724) returned 0x1 [0276.514] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d20) returned 0x0 [0276.514] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.514] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d2b0) returned 0x0 [0276.515] WbemDefPath:IUnknown:Release (This=0x989d20) returned 0x0 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d2b0) returned 0x0 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.515] WbemDefPath:IUnknown:AddRef (This=0x99d2b0) returned 0x3 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.515] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9afff0) returned 0x0 [0276.515] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9afff0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.515] WbemDefPath:IUnknown:Release (This=0x9afff0) returned 0x3 [0276.515] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.516] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.516] WbemDefPath:IUnknown:Release (This=0x99d2b0) returned 0x2 [0276.516] WbemDefPath:IUnknown:Release (This=0x99d2b0) returned 0x1 [0276.516] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.516] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.516] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d2b0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d2b0) returned 0x0 [0276.516] WbemDefPath:IUnknown:AddRef (This=0x99d2b0) returned 0x3 [0276.516] WbemDefPath:IUnknown:Release (This=0x99d2b0) returned 0x2 [0276.516] WbemDefPath:IWbemPath:SetText (This=0x99d2b0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2372\"") returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.516] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.516] IWbemClassObject:Get (in: This=0x9ac130, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f55378*=0, plFlavor=0x2f5537c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x944, varVal2=0x0), pType=0x2f55378*=19, plFlavor=0x2f5537c*=0) returned 0x0 [0276.517] IWbemClassObject:Get (in: This=0x9ac130, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f55378*=19, plFlavor=0x2f5537c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x944, varVal2=0x0), pType=0x2f55378*=19, plFlavor=0x2f5537c*=0) returned 0x0 [0276.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.517] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.517] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.517] IWbemClassObject:Get (in: This=0x9ac130, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5547c*=0, plFlavor=0x2f55480*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x2f5547c*=8, plFlavor=0x2f55480*=0) returned 0x0 [0276.517] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0276.517] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0276.517] IWbemClassObject:Get (in: This=0x9ac130, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5547c*=8, plFlavor=0x2f55480*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe", varVal2=0x0), pType=0x2f5547c*=8, plFlavor=0x2f55480*=0) returned 0x0 [0276.517] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0276.517] SysStringByteLen (bstr="taskhostw.exe") returned 0x1a [0276.517] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.517] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.517] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.517] IWbemClassObject:Get (in: This=0x9ac130, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f555c0*=0, plFlavor=0x2f555c4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", varVal2=0x0), pType=0x2f555c0*=8, plFlavor=0x2f555c4*=0) returned 0x0 [0276.518] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0276.518] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0276.518] IWbemClassObject:Get (in: This=0x9ac130, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f555c0*=8, plFlavor=0x2f555c4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}", varVal2=0x0), pType=0x2f555c0*=8, plFlavor=0x2f555c4*=0) returned 0x0 [0276.518] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0276.518] SysStringByteLen (bstr="taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}") returned 0x68 [0276.518] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0276.518] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9b0ac0, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b0ac0) returned 0x0 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.632] IUnknown:AddRef (This=0x9b0ac0) returned 0x3 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.632] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b0ac4) returned 0x0 [0276.633] IMarshal:GetUnmarshalClass (in: This=0x9b0ac4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.633] IUnknown:Release (This=0x9b0ac4) returned 0x3 [0276.633] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.633] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.633] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.633] IUnknown:Release (This=0x9b0ac0) returned 0x2 [0276.633] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.633] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.633] IUnknown:QueryInterface (in: This=0x9b0ac0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b0ac0) returned 0x0 [0276.633] IUnknown:AddRef (This=0x9b0ac0) returned 0x4 [0276.633] IUnknown:Release (This=0x9b0ac0) returned 0x3 [0276.633] IUnknown:Release (This=0x9b0ac0) returned 0x2 [0276.633] CoTaskMemFree (pv=0x989c90) [0276.633] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.633] IUnknown:AddRef (This=0x9b0ac0) returned 0x3 [0276.633] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.634] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2660\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.634] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2660\"") returned 0x66 [0276.634] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2660\"") returned 0x66 [0276.634] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.634] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.634] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.634] IUnknown:Release (This=0x968724) returned 0x1 [0276.636] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0276.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.637] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d010) returned 0x0 [0276.637] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0276.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d010) returned 0x0 [0276.637] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.639] WbemDefPath:IUnknown:AddRef (This=0x99d010) returned 0x3 [0276.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.639] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b0038) returned 0x0 [0276.639] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b0038, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.639] WbemDefPath:IUnknown:Release (This=0x9b0038) returned 0x3 [0276.639] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.640] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.640] WbemDefPath:IUnknown:Release (This=0x99d010) returned 0x2 [0276.640] WbemDefPath:IUnknown:Release (This=0x99d010) returned 0x1 [0276.640] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.640] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.640] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d010, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d010) returned 0x0 [0276.640] WbemDefPath:IUnknown:AddRef (This=0x99d010) returned 0x3 [0276.640] WbemDefPath:IUnknown:Release (This=0x99d010) returned 0x2 [0276.640] WbemDefPath:IWbemPath:SetText (This=0x99d010, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2660\"") returned 0x0 [0276.640] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.640] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.640] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.640] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.640] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.641] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.641] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56038*=0, plFlavor=0x2f5603c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa64, varVal2=0x0), pType=0x2f56038*=19, plFlavor=0x2f5603c*=0) returned 0x0 [0276.641] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56038*=19, plFlavor=0x2f5603c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xa64, varVal2=0x0), pType=0x2f56038*=19, plFlavor=0x2f5603c*=0) returned 0x0 [0276.641] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.641] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.641] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.641] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5613c*=0, plFlavor=0x2f56140*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x2f5613c*=8, plFlavor=0x2f56140*=0) returned 0x0 [0276.641] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0276.641] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0276.641] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5613c*=8, plFlavor=0x2f56140*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="explorer.exe", varVal2=0x0), pType=0x2f5613c*=8, plFlavor=0x2f56140*=0) returned 0x0 [0276.642] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0276.642] SysStringByteLen (bstr="explorer.exe") returned 0x18 [0276.642] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.642] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.642] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.642] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56280*=0, plFlavor=0x2f56284*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\Explorer.EXE", varVal2=0x0), pType=0x2f56280*=8, plFlavor=0x2f56284*=0) returned 0x0 [0276.642] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0276.642] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0276.642] IWbemClassObject:Get (in: This=0x9b0ac0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56280*=8, plFlavor=0x2f56284*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\Explorer.EXE", varVal2=0x0), pType=0x2f56280*=8, plFlavor=0x2f56284*=0) returned 0x0 [0276.642] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0276.642] SysStringByteLen (bstr="C:\\Windows\\Explorer.EXE") returned 0x2e [0276.642] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0276.642] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9b1f98, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.643] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b1f98) returned 0x0 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.644] IUnknown:AddRef (This=0x9b1f98) returned 0x3 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b1f9c) returned 0x0 [0276.644] IMarshal:GetUnmarshalClass (in: This=0x9b1f9c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.644] IUnknown:Release (This=0x9b1f9c) returned 0x3 [0276.644] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.644] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.644] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.644] IUnknown:Release (This=0x9b1f98) returned 0x2 [0276.645] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.645] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.645] IUnknown:QueryInterface (in: This=0x9b1f98, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b1f98) returned 0x0 [0276.645] IUnknown:AddRef (This=0x9b1f98) returned 0x4 [0276.645] IUnknown:Release (This=0x9b1f98) returned 0x3 [0276.645] IUnknown:Release (This=0x9b1f98) returned 0x2 [0276.645] CoTaskMemFree (pv=0x989e20) [0276.645] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.645] IUnknown:AddRef (This=0x9b1f98) returned 0x3 [0276.645] IWbemClassObject:Get (in: This=0x9b1f98, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.645] IWbemClassObject:Get (in: This=0x9b1f98, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2776\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.645] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2776\"") returned 0x66 [0276.645] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2776\"") returned 0x66 [0276.646] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.646] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.646] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.646] IUnknown:Release (This=0x968724) returned 0x1 [0276.647] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e30) returned 0x0 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.648] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99cb40) returned 0x0 [0276.648] WbemDefPath:IUnknown:Release (This=0x989e30) returned 0x0 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99cb40) returned 0x0 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.648] WbemDefPath:IUnknown:AddRef (This=0x99cb40) returned 0x3 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.648] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b0368) returned 0x0 [0276.648] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b0368, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.648] WbemDefPath:IUnknown:Release (This=0x9b0368) returned 0x3 [0276.648] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.649] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.649] WbemDefPath:IUnknown:Release (This=0x99cb40) returned 0x2 [0276.649] WbemDefPath:IUnknown:Release (This=0x99cb40) returned 0x1 [0276.649] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.649] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.649] WbemDefPath:IUnknown:QueryInterface (in: This=0x99cb40, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99cb40) returned 0x0 [0276.649] WbemDefPath:IUnknown:AddRef (This=0x99cb40) returned 0x3 [0276.649] WbemDefPath:IUnknown:Release (This=0x99cb40) returned 0x2 [0276.649] WbemDefPath:IWbemPath:SetText (This=0x99cb40, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2776\"") returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.649] IWbemClassObject:Get (in: This=0x9b1f98, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56c38*=0, plFlavor=0x2f56c3c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xad8, varVal2=0x0), pType=0x2f56c38*=19, plFlavor=0x2f56c3c*=0) returned 0x0 [0276.650] IWbemClassObject:Get (in: This=0x9b1f98, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56c38*=19, plFlavor=0x2f56c3c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xad8, varVal2=0x0), pType=0x2f56c38*=19, plFlavor=0x2f56c3c*=0) returned 0x0 [0276.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.650] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.650] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.650] IWbemClassObject:Get (in: This=0x9b1f98, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56d3c*=0, plFlavor=0x2f56d40*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x2f56d3c*=8, plFlavor=0x2f56d40*=0) returned 0x0 [0276.650] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.650] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.650] IWbemClassObject:Get (in: This=0x9b1f98, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56d3c*=8, plFlavor=0x2f56d40*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="svchost.exe", varVal2=0x0), pType=0x2f56d3c*=8, plFlavor=0x2f56d40*=0) returned 0x0 [0276.650] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.650] SysStringByteLen (bstr="svchost.exe") returned 0x16 [0276.650] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.650] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.650] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.650] IWbemClassObject:Get (in: This=0x9b1f98, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56e78*=0, plFlavor=0x2f56e7c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p", varVal2=0x0), pType=0x2f56e78*=8, plFlavor=0x2f56e7c*=0) returned 0x0 [0276.651] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p") returned 0x6e [0276.651] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p") returned 0x6e [0276.651] IWbemClassObject:Get (in: This=0x9b1f98, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f56e78*=8, plFlavor=0x2f56e7c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p", varVal2=0x0), pType=0x2f56e78*=8, plFlavor=0x2f56e7c*=0) returned 0x0 [0276.651] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p") returned 0x6e [0276.651] SysStringByteLen (bstr="C:\\Windows\\system32\\svchost.exe -k ClipboardSvcGroup -p") returned 0x6e [0276.651] CoTaskMemAlloc (cb=0x4) returned 0x989cf0 [0276.651] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cf0, puReturned=0x2f500f0 | out: apObjects=0x989cf0*=0x9b04c0, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b04c0) returned 0x0 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.655] IUnknown:AddRef (This=0x9b04c0) returned 0x3 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.655] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b04c4) returned 0x0 [0276.656] IMarshal:GetUnmarshalClass (in: This=0x9b04c4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.656] IUnknown:Release (This=0x9b04c4) returned 0x3 [0276.656] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.656] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.656] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.656] IUnknown:Release (This=0x9b04c0) returned 0x2 [0276.656] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.656] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.656] IUnknown:QueryInterface (in: This=0x9b04c0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b04c0) returned 0x0 [0276.656] IUnknown:AddRef (This=0x9b04c0) returned 0x4 [0276.656] IUnknown:Release (This=0x9b04c0) returned 0x3 [0276.656] IUnknown:Release (This=0x9b04c0) returned 0x2 [0276.656] CoTaskMemFree (pv=0x989cf0) [0276.656] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.656] IUnknown:AddRef (This=0x9b04c0) returned 0x3 [0276.656] IWbemClassObject:Get (in: This=0x9b04c0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.657] IWbemClassObject:Get (in: This=0x9b04c0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3004\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.657] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0276.657] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x66 [0276.657] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.657] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.657] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.657] IUnknown:Release (This=0x968724) returned 0x1 [0276.659] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0276.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.659] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d240) returned 0x0 [0276.659] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0276.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d240) returned 0x0 [0276.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.659] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.659] WbemDefPath:IUnknown:AddRef (This=0x99d240) returned 0x3 [0276.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b01b8) returned 0x0 [0276.660] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b01b8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.660] WbemDefPath:IUnknown:Release (This=0x9b01b8) returned 0x3 [0276.660] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.660] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.660] WbemDefPath:IUnknown:Release (This=0x99d240) returned 0x2 [0276.660] WbemDefPath:IUnknown:Release (This=0x99d240) returned 0x1 [0276.660] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.660] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.660] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d240, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d240) returned 0x0 [0276.660] WbemDefPath:IUnknown:AddRef (This=0x99d240) returned 0x3 [0276.660] WbemDefPath:IUnknown:Release (This=0x99d240) returned 0x2 [0276.660] WbemDefPath:IWbemPath:SetText (This=0x99d240, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3004\"") returned 0x0 [0276.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.661] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.661] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.661] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.661] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.661] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.661] IWbemClassObject:Get (in: This=0x9b04c0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57938*=0, plFlavor=0x2f5793c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xbbc, varVal2=0x0), pType=0x2f57938*=19, plFlavor=0x2f5793c*=0) returned 0x0 [0276.662] IWbemClassObject:Get (in: This=0x9b04c0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57938*=19, plFlavor=0x2f5793c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xbbc, varVal2=0x0), pType=0x2f57938*=19, plFlavor=0x2f5793c*=0) returned 0x0 [0276.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.662] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.662] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.662] IWbemClassObject:Get (in: This=0x9b04c0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57a3c*=0, plFlavor=0x2f57a40*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="StartMenuExperienceHost.exe", varVal2=0x0), pType=0x2f57a3c*=8, plFlavor=0x2f57a40*=0) returned 0x0 [0276.662] SysStringByteLen (bstr="StartMenuExperienceHost.exe") returned 0x36 [0276.662] SysStringByteLen (bstr="StartMenuExperienceHost.exe") returned 0x36 [0276.662] IWbemClassObject:Get (in: This=0x9b04c0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57a3c*=8, plFlavor=0x2f57a40*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="StartMenuExperienceHost.exe", varVal2=0x0), pType=0x2f57a3c*=8, plFlavor=0x2f57a40*=0) returned 0x0 [0276.662] SysStringByteLen (bstr="StartMenuExperienceHost.exe") returned 0x36 [0276.662] SysStringByteLen (bstr="StartMenuExperienceHost.exe") returned 0x36 [0276.662] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.662] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.662] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.663] IWbemClassObject:Get (in: This=0x9b04c0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57bb8*=0, plFlavor=0x2f57bbc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca", varVal2=0x0), pType=0x2f57bb8*=8, plFlavor=0x2f57bbc*=0) returned 0x0 [0276.663] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca") returned 0x148 [0276.663] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca") returned 0x148 [0276.663] IWbemClassObject:Get (in: This=0x9b04c0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f57bb8*=8, plFlavor=0x2f57bbc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca", varVal2=0x0), pType=0x2f57bb8*=8, plFlavor=0x2f57bbc*=0) returned 0x0 [0276.663] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca") returned 0x148 [0276.663] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe\" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca") returned 0x148 [0276.663] CoTaskMemAlloc (cb=0x4) returned 0x989db0 [0276.663] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989db0, puReturned=0x2f500f0 | out: apObjects=0x989db0*=0x9b0658, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.664] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b0658) returned 0x0 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.665] IUnknown:AddRef (This=0x9b0658) returned 0x3 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b065c) returned 0x0 [0276.665] IMarshal:GetUnmarshalClass (in: This=0x9b065c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.665] IUnknown:Release (This=0x9b065c) returned 0x3 [0276.665] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.665] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.665] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.666] IUnknown:Release (This=0x9b0658) returned 0x2 [0276.666] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.666] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.666] IUnknown:QueryInterface (in: This=0x9b0658, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b0658) returned 0x0 [0276.666] IUnknown:AddRef (This=0x9b0658) returned 0x4 [0276.666] IUnknown:Release (This=0x9b0658) returned 0x3 [0276.666] IUnknown:Release (This=0x9b0658) returned 0x2 [0276.666] CoTaskMemFree (pv=0x989db0) [0276.666] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.666] IUnknown:AddRef (This=0x9b0658) returned 0x3 [0276.666] IWbemClassObject:Get (in: This=0x9b0658, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.666] IWbemClassObject:Get (in: This=0x9b0658, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3100\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.666] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3100\"") returned 0x66 [0276.667] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3100\"") returned 0x66 [0276.667] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.667] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.667] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.667] IUnknown:Release (This=0x968724) returned 0x1 [0276.670] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cd0) returned 0x0 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.671] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d710) returned 0x0 [0276.671] WbemDefPath:IUnknown:Release (This=0x989cd0) returned 0x0 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d710) returned 0x0 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.671] WbemDefPath:IUnknown:AddRef (This=0x99d710) returned 0x3 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.671] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9af570) returned 0x0 [0276.671] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9af570, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.671] WbemDefPath:IUnknown:Release (This=0x9af570) returned 0x3 [0276.671] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.672] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.672] WbemDefPath:IUnknown:Release (This=0x99d710) returned 0x2 [0276.672] WbemDefPath:IUnknown:Release (This=0x99d710) returned 0x1 [0276.672] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.672] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.672] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d710, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d710) returned 0x0 [0276.672] WbemDefPath:IUnknown:AddRef (This=0x99d710) returned 0x3 [0276.672] WbemDefPath:IUnknown:Release (This=0x99d710) returned 0x2 [0276.672] WbemDefPath:IWbemPath:SetText (This=0x99d710, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3100\"") returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.672] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.672] IWbemClassObject:Get (in: This=0x9b0658, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f588ec*=0, plFlavor=0x2f588f0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc1c, varVal2=0x0), pType=0x2f588ec*=19, plFlavor=0x2f588f0*=0) returned 0x0 [0276.673] IWbemClassObject:Get (in: This=0x9b0658, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f588ec*=19, plFlavor=0x2f588f0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc1c, varVal2=0x0), pType=0x2f588ec*=19, plFlavor=0x2f588f0*=0) returned 0x0 [0276.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.673] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.673] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.673] IWbemClassObject:Get (in: This=0x9b0658, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f589f0*=0, plFlavor=0x2f589f4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f589f0*=8, plFlavor=0x2f589f4*=0) returned 0x0 [0276.673] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.673] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.673] IWbemClassObject:Get (in: This=0x9b0658, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f589f0*=8, plFlavor=0x2f589f4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f589f0*=8, plFlavor=0x2f589f4*=0) returned 0x0 [0276.673] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.673] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.673] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.673] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.673] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.673] IWbemClassObject:Get (in: This=0x9b0658, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f58b44*=0, plFlavor=0x2f58b48*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f58b44*=8, plFlavor=0x2f58b48*=0) returned 0x0 [0276.674] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.674] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.674] IWbemClassObject:Get (in: This=0x9b0658, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f58b44*=8, plFlavor=0x2f58b48*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f58b44*=8, plFlavor=0x2f58b48*=0) returned 0x0 [0276.674] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.674] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.674] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0276.674] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9b30e8, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.735] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b30e8) returned 0x0 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.736] IUnknown:AddRef (This=0x9b30e8) returned 0x3 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.736] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b30ec) returned 0x0 [0276.736] IMarshal:GetUnmarshalClass (in: This=0x9b30ec, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.736] IUnknown:Release (This=0x9b30ec) returned 0x3 [0276.736] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.737] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.737] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.737] IUnknown:Release (This=0x9b30e8) returned 0x2 [0276.737] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.737] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.737] IUnknown:QueryInterface (in: This=0x9b30e8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b30e8) returned 0x0 [0276.737] IUnknown:AddRef (This=0x9b30e8) returned 0x4 [0276.737] IUnknown:Release (This=0x9b30e8) returned 0x3 [0276.737] IUnknown:Release (This=0x9b30e8) returned 0x2 [0276.737] CoTaskMemFree (pv=0x989d90) [0276.737] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.737] IUnknown:AddRef (This=0x9b30e8) returned 0x3 [0276.737] IWbemClassObject:Get (in: This=0x9b30e8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.738] IWbemClassObject:Get (in: This=0x9b30e8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3236\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.738] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3236\"") returned 0x66 [0276.738] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3236\"") returned 0x66 [0276.738] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.738] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.738] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.738] IUnknown:Release (This=0x968724) returned 0x1 [0276.740] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cf0) returned 0x0 [0276.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cf0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.740] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cf0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x99d6a0) returned 0x0 [0276.740] WbemDefPath:IUnknown:Release (This=0x989cf0) returned 0x0 [0276.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x99d6a0) returned 0x0 [0276.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.740] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.741] WbemDefPath:IUnknown:AddRef (This=0x99d6a0) returned 0x3 [0276.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9af7b0) returned 0x0 [0276.741] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9af7b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.741] WbemDefPath:IUnknown:Release (This=0x9af7b0) returned 0x3 [0276.741] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.741] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.741] WbemDefPath:IUnknown:Release (This=0x99d6a0) returned 0x2 [0276.741] WbemDefPath:IUnknown:Release (This=0x99d6a0) returned 0x1 [0276.741] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.741] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.741] WbemDefPath:IUnknown:QueryInterface (in: This=0x99d6a0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x99d6a0) returned 0x0 [0276.742] WbemDefPath:IUnknown:AddRef (This=0x99d6a0) returned 0x3 [0276.742] WbemDefPath:IUnknown:Release (This=0x99d6a0) returned 0x2 [0276.742] WbemDefPath:IWbemPath:SetText (This=0x99d6a0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3236\"") returned 0x0 [0276.742] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.742] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.742] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.743] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.743] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.743] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.743] IWbemClassObject:Get (in: This=0x9b30e8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f595a0*=0, plFlavor=0x2f595a4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xca4, varVal2=0x0), pType=0x2f595a0*=19, plFlavor=0x2f595a4*=0) returned 0x0 [0276.743] IWbemClassObject:Get (in: This=0x9b30e8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f595a0*=19, plFlavor=0x2f595a4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xca4, varVal2=0x0), pType=0x2f595a0*=19, plFlavor=0x2f595a4*=0) returned 0x0 [0276.744] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.744] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.744] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.744] IWbemClassObject:Get (in: This=0x9b30e8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f596a4*=0, plFlavor=0x2f596a8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchApp.exe", varVal2=0x0), pType=0x2f596a4*=8, plFlavor=0x2f596a8*=0) returned 0x0 [0276.744] SysStringByteLen (bstr="SearchApp.exe") returned 0x1a [0276.744] SysStringByteLen (bstr="SearchApp.exe") returned 0x1a [0276.744] IWbemClassObject:Get (in: This=0x9b30e8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f596a4*=8, plFlavor=0x2f596a8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="SearchApp.exe", varVal2=0x0), pType=0x2f596a4*=8, plFlavor=0x2f596a8*=0) returned 0x0 [0276.744] SysStringByteLen (bstr="SearchApp.exe") returned 0x1a [0276.744] SysStringByteLen (bstr="SearchApp.exe") returned 0x1a [0276.744] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.744] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.744] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.744] IWbemClassObject:Get (in: This=0x9b30e8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f597e8*=0, plFlavor=0x2f597ec*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca", varVal2=0x0), pType=0x2f597e8*=8, plFlavor=0x2f597ec*=0) returned 0x0 [0276.744] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca") returned 0x116 [0276.744] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca") returned 0x116 [0276.745] IWbemClassObject:Get (in: This=0x9b30e8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f597e8*=8, plFlavor=0x2f597ec*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca", varVal2=0x0), pType=0x2f597e8*=8, plFlavor=0x2f597ec*=0) returned 0x0 [0276.745] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca") returned 0x116 [0276.745] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\Microsoft.Windows.Search_cw5n1h2txyewy\\SearchApp.exe\" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca") returned 0x116 [0276.745] CoTaskMemAlloc (cb=0x4) returned 0x989db0 [0276.745] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989db0, puReturned=0x2f500f0 | out: apObjects=0x989db0*=0x9b48e8, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.749] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b48e8) returned 0x0 [0276.749] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.749] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.749] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.750] IUnknown:AddRef (This=0x9b48e8) returned 0x3 [0276.750] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.750] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.750] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b48ec) returned 0x0 [0276.750] IMarshal:GetUnmarshalClass (in: This=0x9b48ec, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.750] IUnknown:Release (This=0x9b48ec) returned 0x3 [0276.750] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.750] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.750] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.750] IUnknown:Release (This=0x9b48e8) returned 0x2 [0276.750] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.750] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.750] IUnknown:QueryInterface (in: This=0x9b48e8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b48e8) returned 0x0 [0276.750] IUnknown:AddRef (This=0x9b48e8) returned 0x4 [0276.750] IUnknown:Release (This=0x9b48e8) returned 0x3 [0276.750] IUnknown:Release (This=0x9b48e8) returned 0x2 [0276.750] CoTaskMemFree (pv=0x989db0) [0276.751] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.751] IUnknown:AddRef (This=0x9b48e8) returned 0x3 [0276.751] IWbemClassObject:Get (in: This=0x9b48e8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.751] IWbemClassObject:Get (in: This=0x9b48e8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3332\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.751] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3332\"") returned 0x66 [0276.751] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3332\"") returned 0x66 [0276.751] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.751] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.752] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.752] IUnknown:Release (This=0x968724) returned 0x1 [0276.753] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989da0) returned 0x0 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x989da0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.754] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989da0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b44e0) returned 0x0 [0276.754] WbemDefPath:IUnknown:Release (This=0x989da0) returned 0x0 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b44e0) returned 0x0 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.754] WbemDefPath:IUnknown:AddRef (This=0x9b44e0) returned 0x3 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.754] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9afa38) returned 0x0 [0276.755] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9afa38, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.755] WbemDefPath:IUnknown:Release (This=0x9afa38) returned 0x3 [0276.755] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.755] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.755] WbemDefPath:IUnknown:Release (This=0x9b44e0) returned 0x2 [0276.755] WbemDefPath:IUnknown:Release (This=0x9b44e0) returned 0x1 [0276.755] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.755] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.755] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b44e0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b44e0) returned 0x0 [0276.755] WbemDefPath:IUnknown:AddRef (This=0x9b44e0) returned 0x3 [0276.755] WbemDefPath:IUnknown:Release (This=0x9b44e0) returned 0x2 [0276.755] WbemDefPath:IWbemPath:SetText (This=0x9b44e0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3332\"") returned 0x0 [0276.755] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.755] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.756] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.756] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.756] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.756] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.756] IWbemClassObject:Get (in: This=0x9b48e8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a464*=0, plFlavor=0x2f5a468*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd04, varVal2=0x0), pType=0x2f5a464*=19, plFlavor=0x2f5a468*=0) returned 0x0 [0276.756] IWbemClassObject:Get (in: This=0x9b48e8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a464*=19, plFlavor=0x2f5a468*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd04, varVal2=0x0), pType=0x2f5a464*=19, plFlavor=0x2f5a468*=0) returned 0x0 [0276.757] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.757] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.757] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.757] IWbemClassObject:Get (in: This=0x9b48e8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a568*=0, plFlavor=0x2f5a56c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f5a568*=8, plFlavor=0x2f5a56c*=0) returned 0x0 [0276.757] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.757] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.757] IWbemClassObject:Get (in: This=0x9b48e8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a568*=8, plFlavor=0x2f5a56c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f5a568*=8, plFlavor=0x2f5a56c*=0) returned 0x0 [0276.757] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.757] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0276.757] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.757] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.757] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.757] IWbemClassObject:Get (in: This=0x9b48e8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a6bc*=0, plFlavor=0x2f5a6c0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f5a6bc*=8, plFlavor=0x2f5a6c0*=0) returned 0x0 [0276.757] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.757] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.758] IWbemClassObject:Get (in: This=0x9b48e8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5a6bc*=8, plFlavor=0x2f5a6c0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f5a6bc*=8, plFlavor=0x2f5a6c0*=0) returned 0x0 [0276.758] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.758] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0276.758] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0276.758] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9b50e0, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.759] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b50e0) returned 0x0 [0276.759] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.759] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.759] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.760] IUnknown:AddRef (This=0x9b50e0) returned 0x3 [0276.760] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.760] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.760] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b50e4) returned 0x0 [0276.760] IMarshal:GetUnmarshalClass (in: This=0x9b50e4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.760] IUnknown:Release (This=0x9b50e4) returned 0x3 [0276.760] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.760] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.760] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.760] IUnknown:Release (This=0x9b50e0) returned 0x2 [0276.760] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.760] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.760] IUnknown:QueryInterface (in: This=0x9b50e0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b50e0) returned 0x0 [0276.760] IUnknown:AddRef (This=0x9b50e0) returned 0x4 [0276.760] IUnknown:Release (This=0x9b50e0) returned 0x3 [0276.760] IUnknown:Release (This=0x9b50e0) returned 0x2 [0276.760] CoTaskMemFree (pv=0x989e20) [0276.761] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.761] IUnknown:AddRef (This=0x9b50e0) returned 0x3 [0276.761] IWbemClassObject:Get (in: This=0x9b50e0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.827] IWbemClassObject:Get (in: This=0x9b50e0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1372\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.828] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1372\"") returned 0x66 [0276.828] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1372\"") returned 0x66 [0276.828] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.828] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.828] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.828] IUnknown:Release (This=0x968724) returned 0x1 [0276.830] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0276.830] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.830] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3e50) returned 0x0 [0276.831] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3e50) returned 0x0 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.831] WbemDefPath:IUnknown:AddRef (This=0x9b3e50) returned 0x3 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9af930) returned 0x0 [0276.831] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9af930, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.831] WbemDefPath:IUnknown:Release (This=0x9af930) returned 0x3 [0276.832] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.832] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.832] WbemDefPath:IUnknown:Release (This=0x9b3e50) returned 0x2 [0276.832] WbemDefPath:IUnknown:Release (This=0x9b3e50) returned 0x1 [0276.832] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.832] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3e50, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3e50) returned 0x0 [0276.832] WbemDefPath:IUnknown:AddRef (This=0x9b3e50) returned 0x3 [0276.832] WbemDefPath:IUnknown:Release (This=0x9b3e50) returned 0x2 [0276.832] WbemDefPath:IWbemPath:SetText (This=0x9b3e50, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1372\"") returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.832] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.833] IWbemClassObject:Get (in: This=0x9b50e0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b118*=0, plFlavor=0x2f5b11c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x55c, varVal2=0x0), pType=0x2f5b118*=19, plFlavor=0x2f5b11c*=0) returned 0x0 [0276.833] IWbemClassObject:Get (in: This=0x9b50e0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b118*=19, plFlavor=0x2f5b11c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x55c, varVal2=0x0), pType=0x2f5b118*=19, plFlavor=0x2f5b11c*=0) returned 0x0 [0276.833] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.833] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.833] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.833] IWbemClassObject:Get (in: This=0x9b50e0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b21c*=0, plFlavor=0x2f5b220*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UserOOBEBroker.exe", varVal2=0x0), pType=0x2f5b21c*=8, plFlavor=0x2f5b220*=0) returned 0x0 [0276.833] SysStringByteLen (bstr="UserOOBEBroker.exe") returned 0x24 [0276.833] SysStringByteLen (bstr="UserOOBEBroker.exe") returned 0x24 [0276.833] IWbemClassObject:Get (in: This=0x9b50e0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b21c*=8, plFlavor=0x2f5b220*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="UserOOBEBroker.exe", varVal2=0x0), pType=0x2f5b21c*=8, plFlavor=0x2f5b220*=0) returned 0x0 [0276.834] SysStringByteLen (bstr="UserOOBEBroker.exe") returned 0x24 [0276.834] SysStringByteLen (bstr="UserOOBEBroker.exe") returned 0x24 [0276.834] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.834] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.834] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.834] IWbemClassObject:Get (in: This=0x9b50e0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b378*=0, plFlavor=0x2f5b37c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding", varVal2=0x0), pType=0x2f5b378*=8, plFlavor=0x2f5b37c*=0) returned 0x0 [0276.834] SysStringByteLen (bstr="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding") returned 0x6c [0276.834] SysStringByteLen (bstr="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding") returned 0x6c [0276.834] IWbemClassObject:Get (in: This=0x9b50e0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5b378*=8, plFlavor=0x2f5b37c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding", varVal2=0x0), pType=0x2f5b378*=8, plFlavor=0x2f5b37c*=0) returned 0x0 [0276.834] SysStringByteLen (bstr="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding") returned 0x6c [0276.834] SysStringByteLen (bstr="C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe -Embedding") returned 0x6c [0276.834] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0276.834] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9b5278, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.836] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b5278) returned 0x0 [0276.836] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.836] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.836] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.837] IUnknown:AddRef (This=0x9b5278) returned 0x3 [0276.837] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.837] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.837] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b527c) returned 0x0 [0276.837] IMarshal:GetUnmarshalClass (in: This=0x9b527c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.837] IUnknown:Release (This=0x9b527c) returned 0x3 [0276.837] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.837] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.837] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.837] IUnknown:Release (This=0x9b5278) returned 0x2 [0276.837] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.837] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.837] IUnknown:QueryInterface (in: This=0x9b5278, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b5278) returned 0x0 [0276.838] IUnknown:AddRef (This=0x9b5278) returned 0x4 [0276.838] IUnknown:Release (This=0x9b5278) returned 0x3 [0276.838] IUnknown:Release (This=0x9b5278) returned 0x2 [0276.838] CoTaskMemFree (pv=0x989dd0) [0276.838] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.838] IUnknown:AddRef (This=0x9b5278) returned 0x3 [0276.838] IWbemClassObject:Get (in: This=0x9b5278, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.838] IWbemClassObject:Get (in: This=0x9b5278, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1716\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.839] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1716\"") returned 0x66 [0276.839] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1716\"") returned 0x66 [0276.839] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.839] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.839] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.839] IUnknown:Release (This=0x968724) returned 0x1 [0276.845] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e30) returned 0x0 [0276.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.845] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b4240) returned 0x0 [0276.845] WbemDefPath:IUnknown:Release (This=0x989e30) returned 0x0 [0276.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b4240) returned 0x0 [0276.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.845] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.846] WbemDefPath:IUnknown:AddRef (This=0x9b4240) returned 0x3 [0276.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9afd68) returned 0x0 [0276.846] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9afd68, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.846] WbemDefPath:IUnknown:Release (This=0x9afd68) returned 0x3 [0276.846] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.846] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.846] WbemDefPath:IUnknown:Release (This=0x9b4240) returned 0x2 [0276.846] WbemDefPath:IUnknown:Release (This=0x9b4240) returned 0x1 [0276.846] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.846] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.846] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4240, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b4240) returned 0x0 [0276.846] WbemDefPath:IUnknown:AddRef (This=0x9b4240) returned 0x3 [0276.847] WbemDefPath:IUnknown:Release (This=0x9b4240) returned 0x2 [0276.847] WbemDefPath:IWbemPath:SetText (This=0x9b4240, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"1716\"") returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.847] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.847] IWbemClassObject:Get (in: This=0x9b5278, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5bdf8*=0, plFlavor=0x2f5bdfc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6b4, varVal2=0x0), pType=0x2f5bdf8*=19, plFlavor=0x2f5bdfc*=0) returned 0x0 [0276.847] IWbemClassObject:Get (in: This=0x9b5278, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5bdf8*=19, plFlavor=0x2f5bdfc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x6b4, varVal2=0x0), pType=0x2f5bdf8*=19, plFlavor=0x2f5bdfc*=0) returned 0x0 [0276.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.848] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.848] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.848] IWbemClassObject:Get (in: This=0x9b5278, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5befc*=0, plFlavor=0x2f5bf00*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x2f5befc*=8, plFlavor=0x2f5bf00*=0) returned 0x0 [0276.848] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.848] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.848] IWbemClassObject:Get (in: This=0x9b5278, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5befc*=8, plFlavor=0x2f5bf00*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x2f5befc*=8, plFlavor=0x2f5bf00*=0) returned 0x0 [0276.848] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.848] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.848] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.849] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.849] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.849] IWbemClassObject:Get (in: This=0x9b5278, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5c04c*=0, plFlavor=0x2f5c050*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank", varVal2=0x0), pType=0x2f5c04c*=8, plFlavor=0x2f5c050*=0) returned 0x0 [0276.849] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0276.849] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0276.849] IWbemClassObject:Get (in: This=0x9b5278, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5c04c*=8, plFlavor=0x2f5c050*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank", varVal2=0x0), pType=0x2f5c04c*=8, plFlavor=0x2f5c050*=0) returned 0x0 [0276.849] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0276.849] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" about:blank") returned 0x7a [0276.849] CoTaskMemAlloc (cb=0x4) returned 0x989cd0 [0276.849] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cd0, puReturned=0x2f500f0 | out: apObjects=0x989cd0*=0x9b5410, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b5410) returned 0x0 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.851] IUnknown:AddRef (This=0x9b5410) returned 0x3 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.851] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.852] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b5414) returned 0x0 [0276.852] IMarshal:GetUnmarshalClass (in: This=0x9b5414, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.852] IUnknown:Release (This=0x9b5414) returned 0x3 [0276.852] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.852] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.852] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.852] IUnknown:Release (This=0x9b5410) returned 0x2 [0276.852] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.852] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.852] IUnknown:QueryInterface (in: This=0x9b5410, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b5410) returned 0x0 [0276.852] IUnknown:AddRef (This=0x9b5410) returned 0x4 [0276.852] IUnknown:Release (This=0x9b5410) returned 0x3 [0276.852] IUnknown:Release (This=0x9b5410) returned 0x2 [0276.852] CoTaskMemFree (pv=0x989cd0) [0276.853] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.853] IUnknown:AddRef (This=0x9b5410) returned 0x3 [0276.853] IWbemClassObject:Get (in: This=0x9b5410, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.853] IWbemClassObject:Get (in: This=0x9b5410, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3108\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.854] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3108\"") returned 0x66 [0276.854] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3108\"") returned 0x66 [0276.854] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.854] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.854] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.854] IUnknown:Release (This=0x968724) returned 0x1 [0276.859] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989db0) returned 0x0 [0276.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x989db0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.859] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989db0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b4470) returned 0x0 [0276.859] WbemDefPath:IUnknown:Release (This=0x989db0) returned 0x0 [0276.859] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b4470) returned 0x0 [0276.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.860] WbemDefPath:IUnknown:AddRef (This=0x9b4470) returned 0x3 [0276.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.860] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9afd50) returned 0x0 [0276.860] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9afd50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.860] WbemDefPath:IUnknown:Release (This=0x9afd50) returned 0x3 [0276.860] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.860] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.861] WbemDefPath:IUnknown:Release (This=0x9b4470) returned 0x2 [0276.861] WbemDefPath:IUnknown:Release (This=0x9b4470) returned 0x1 [0276.861] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.861] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.861] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4470, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b4470) returned 0x0 [0276.861] WbemDefPath:IUnknown:AddRef (This=0x9b4470) returned 0x3 [0276.861] WbemDefPath:IUnknown:Release (This=0x9b4470) returned 0x2 [0276.861] WbemDefPath:IWbemPath:SetText (This=0x9b4470, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3108\"") returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.862] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.862] IWbemClassObject:Get (in: This=0x9b5410, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cae8*=0, plFlavor=0x2f5caec*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc24, varVal2=0x0), pType=0x2f5cae8*=19, plFlavor=0x2f5caec*=0) returned 0x0 [0276.862] IWbemClassObject:Get (in: This=0x9b5410, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cae8*=19, plFlavor=0x2f5caec*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xc24, varVal2=0x0), pType=0x2f5cae8*=19, plFlavor=0x2f5caec*=0) returned 0x0 [0276.863] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.863] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.863] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.863] IWbemClassObject:Get (in: This=0x9b5410, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cbec*=0, plFlavor=0x2f5cbf0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x2f5cbec*=8, plFlavor=0x2f5cbf0*=0) returned 0x0 [0276.863] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.863] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.863] IWbemClassObject:Get (in: This=0x9b5410, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cbec*=8, plFlavor=0x2f5cbf0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="iexplore.exe", varVal2=0x0), pType=0x2f5cbec*=8, plFlavor=0x2f5cbf0*=0) returned 0x0 [0276.863] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.863] SysStringByteLen (bstr="iexplore.exe") returned 0x18 [0276.863] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.863] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.863] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.864] IWbemClassObject:Get (in: This=0x9b5410, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cd30*=0, plFlavor=0x2f5cd34*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2", varVal2=0x0), pType=0x2f5cd30*=8, plFlavor=0x2f5cd34*=0) returned 0x0 [0276.864] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2") returned 0xb8 [0276.864] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2") returned 0xb8 [0276.864] IWbemClassObject:Get (in: This=0x9b5410, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5cd30*=8, plFlavor=0x2f5cd34*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2", varVal2=0x0), pType=0x2f5cd30*=8, plFlavor=0x2f5cd34*=0) returned 0x0 [0276.864] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2") returned 0xb8 [0276.864] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE\" SCODEF:1716 CREDAT:82946 /prefetch:2") returned 0xb8 [0276.864] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0276.864] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9b4750, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b4750) returned 0x0 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.866] IUnknown:AddRef (This=0x9b4750) returned 0x3 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.866] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b4754) returned 0x0 [0276.866] IMarshal:GetUnmarshalClass (in: This=0x9b4754, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.867] IUnknown:Release (This=0x9b4754) returned 0x3 [0276.867] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.867] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.867] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.867] IUnknown:Release (This=0x9b4750) returned 0x2 [0276.867] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.867] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.867] IUnknown:QueryInterface (in: This=0x9b4750, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b4750) returned 0x0 [0276.867] IUnknown:AddRef (This=0x9b4750) returned 0x4 [0276.867] IUnknown:Release (This=0x9b4750) returned 0x3 [0276.867] IUnknown:Release (This=0x9b4750) returned 0x2 [0276.867] CoTaskMemFree (pv=0x989e20) [0276.867] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.867] IUnknown:AddRef (This=0x9b4750) returned 0x3 [0276.867] IWbemClassObject:Get (in: This=0x9b4750, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.868] IWbemClassObject:Get (in: This=0x9b4750, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4108\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.868] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x66 [0276.868] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x66 [0276.868] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0276.868] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0276.868] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0276.869] IUnknown:Release (This=0x968724) returned 0x1 [0276.873] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0276.874] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0276.874] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b42b0) returned 0x0 [0276.874] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0276.874] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b42b0) returned 0x0 [0276.874] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0276.874] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0276.875] WbemDefPath:IUnknown:AddRef (This=0x9b42b0) returned 0x3 [0276.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0276.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0276.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6d58) returned 0x0 [0276.875] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6d58, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0276.875] WbemDefPath:IUnknown:Release (This=0x9b6d58) returned 0x3 [0276.875] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0276.875] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0276.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0276.875] WbemDefPath:IUnknown:Release (This=0x9b42b0) returned 0x2 [0276.875] WbemDefPath:IUnknown:Release (This=0x9b42b0) returned 0x1 [0276.875] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0276.875] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0276.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b42b0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b42b0) returned 0x0 [0276.875] WbemDefPath:IUnknown:AddRef (This=0x9b42b0) returned 0x3 [0276.876] WbemDefPath:IUnknown:Release (This=0x9b42b0) returned 0x2 [0276.876] WbemDefPath:IWbemPath:SetText (This=0x9b42b0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4108\"") returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.876] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.876] IWbemClassObject:Get (in: This=0x9b4750, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5d888*=0, plFlavor=0x2f5d88c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x100c, varVal2=0x0), pType=0x2f5d888*=19, plFlavor=0x2f5d88c*=0) returned 0x0 [0276.876] IWbemClassObject:Get (in: This=0x9b4750, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5d888*=19, plFlavor=0x2f5d88c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x100c, varVal2=0x0), pType=0x2f5d888*=19, plFlavor=0x2f5d88c*=0) returned 0x0 [0276.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.877] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.877] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.877] IWbemClassObject:Get (in: This=0x9b4750, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5d98c*=0, plFlavor=0x2f5d990*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x2f5d98c*=8, plFlavor=0x2f5d990*=0) returned 0x0 [0276.877] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0276.877] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0276.877] IWbemClassObject:Get (in: This=0x9b4750, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5d98c*=8, plFlavor=0x2f5d990*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ShellExperienceHost.exe", varVal2=0x0), pType=0x2f5d98c*=8, plFlavor=0x2f5d990*=0) returned 0x0 [0276.877] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0276.877] SysStringByteLen (bstr="ShellExperienceHost.exe") returned 0x2e [0276.877] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0276.877] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0276.877] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0276.878] IWbemClassObject:Get (in: This=0x9b4750, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5daf8*=0, plFlavor=0x2f5dafc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca", varVal2=0x0), pType=0x2f5daf8*=8, plFlavor=0x2f5dafc*=0) returned 0x0 [0276.878] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0276.878] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0276.878] IWbemClassObject:Get (in: This=0x9b4750, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5daf8*=8, plFlavor=0x2f5dafc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca", varVal2=0x0), pType=0x2f5daf8*=8, plFlavor=0x2f5dafc*=0) returned 0x0 [0276.878] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0276.878] SysStringByteLen (bstr="\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca") returned 0x114 [0276.878] CoTaskMemAlloc (cb=0x4) returned 0x989da0 [0276.878] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989da0, puReturned=0x2f500f0 | out: apObjects=0x989da0*=0x9b4c18, puReturned=0x2f500f0*=0x1) returned 0x0 [0276.961] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b4c18) returned 0x0 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0276.962] IUnknown:AddRef (This=0x9b4c18) returned 0x3 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0276.962] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b4c1c) returned 0x0 [0276.962] IMarshal:GetUnmarshalClass (in: This=0x9b4c1c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0276.963] IUnknown:Release (This=0x9b4c1c) returned 0x3 [0276.963] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0276.963] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0276.963] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0276.963] IUnknown:Release (This=0x9b4c18) returned 0x2 [0276.963] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0276.963] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0276.963] IUnknown:QueryInterface (in: This=0x9b4c18, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b4c18) returned 0x0 [0276.963] IUnknown:AddRef (This=0x9b4c18) returned 0x4 [0276.963] IUnknown:Release (This=0x9b4c18) returned 0x3 [0276.963] IUnknown:Release (This=0x9b4c18) returned 0x2 [0276.963] CoTaskMemFree (pv=0x989da0) [0276.963] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0276.963] IUnknown:AddRef (This=0x9b4c18) returned 0x3 [0276.963] IWbemClassObject:Get (in: This=0x9b4c18, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0276.964] IWbemClassObject:Get (in: This=0x9b4c18, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4796\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0276.964] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4796\"") returned 0x66 [0276.964] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4796\"") returned 0x66 [0276.964] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.070] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.070] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.070] IUnknown:Release (This=0x968724) returned 0x1 [0277.075] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989da0) returned 0x0 [0277.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x989da0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.076] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989da0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3fa0) returned 0x0 [0277.076] WbemDefPath:IUnknown:Release (This=0x989da0) returned 0x0 [0277.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3fa0) returned 0x0 [0277.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.077] WbemDefPath:IUnknown:AddRef (This=0x9b3fa0) returned 0x3 [0277.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6ce0) returned 0x0 [0277.077] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6ce0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.077] WbemDefPath:IUnknown:Release (This=0x9b6ce0) returned 0x3 [0277.077] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.077] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.077] WbemDefPath:IUnknown:Release (This=0x9b3fa0) returned 0x2 [0277.077] WbemDefPath:IUnknown:Release (This=0x9b3fa0) returned 0x1 [0277.078] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.078] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.078] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3fa0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3fa0) returned 0x0 [0277.078] WbemDefPath:IUnknown:AddRef (This=0x9b3fa0) returned 0x3 [0277.078] WbemDefPath:IUnknown:Release (This=0x9b3fa0) returned 0x2 [0277.078] WbemDefPath:IWbemPath:SetText (This=0x9b3fa0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4796\"") returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.078] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.078] IWbemClassObject:Get (in: This=0x9b4c18, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5e814*=0, plFlavor=0x2f5e818*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12bc, varVal2=0x0), pType=0x2f5e814*=19, plFlavor=0x2f5e818*=0) returned 0x0 [0277.079] IWbemClassObject:Get (in: This=0x9b4c18, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5e814*=19, plFlavor=0x2f5e818*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12bc, varVal2=0x0), pType=0x2f5e814*=19, plFlavor=0x2f5e818*=0) returned 0x0 [0277.079] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.079] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.079] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.079] IWbemClassObject:Get (in: This=0x9b4c18, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5e918*=0, plFlavor=0x2f5e91c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="difference.exe", varVal2=0x0), pType=0x2f5e918*=8, plFlavor=0x2f5e91c*=0) returned 0x0 [0277.079] SysStringByteLen (bstr="difference.exe") returned 0x1c [0277.079] SysStringByteLen (bstr="difference.exe") returned 0x1c [0277.079] IWbemClassObject:Get (in: This=0x9b4c18, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5e918*=8, plFlavor=0x2f5e91c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="difference.exe", varVal2=0x0), pType=0x2f5e918*=8, plFlavor=0x2f5e91c*=0) returned 0x0 [0277.079] SysStringByteLen (bstr="difference.exe") returned 0x1c [0277.080] SysStringByteLen (bstr="difference.exe") returned 0x1c [0277.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.080] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.080] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.080] IWbemClassObject:Get (in: This=0x9b4c18, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5ea64*=0, plFlavor=0x2f5ea68*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ", varVal2=0x0), pType=0x2f5ea64*=8, plFlavor=0x2f5ea68*=0) returned 0x0 [0277.080] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ") returned 0x74 [0277.080] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ") returned 0x74 [0277.080] IWbemClassObject:Get (in: This=0x9b4c18, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5ea64*=8, plFlavor=0x2f5ea68*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ", varVal2=0x0), pType=0x2f5ea64*=8, plFlavor=0x2f5ea68*=0) returned 0x0 [0277.080] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ") returned 0x74 [0277.080] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\difference.exe\" ") returned 0x74 [0277.080] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0277.080] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9b4a80, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.082] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b4a80) returned 0x0 [0277.082] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.082] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.083] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.083] IUnknown:AddRef (This=0x9b4a80) returned 0x3 [0277.083] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.083] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.083] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b4a84) returned 0x0 [0277.083] IMarshal:GetUnmarshalClass (in: This=0x9b4a84, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.083] IUnknown:Release (This=0x9b4a84) returned 0x3 [0277.083] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.083] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.084] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.084] IUnknown:Release (This=0x9b4a80) returned 0x2 [0277.084] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.084] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.084] IUnknown:QueryInterface (in: This=0x9b4a80, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b4a80) returned 0x0 [0277.084] IUnknown:AddRef (This=0x9b4a80) returned 0x4 [0277.084] IUnknown:Release (This=0x9b4a80) returned 0x3 [0277.084] IUnknown:Release (This=0x9b4a80) returned 0x2 [0277.084] CoTaskMemFree (pv=0x989e20) [0277.084] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.084] IUnknown:AddRef (This=0x9b4a80) returned 0x3 [0277.084] IWbemClassObject:Get (in: This=0x9b4a80, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.085] IWbemClassObject:Get (in: This=0x9b4a80, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4808\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.085] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4808\"") returned 0x66 [0277.085] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4808\"") returned 0x66 [0277.085] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.085] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.085] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.085] IUnknown:Release (This=0x968724) returned 0x1 [0277.088] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e30) returned 0x0 [0277.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.088] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3750) returned 0x0 [0277.088] WbemDefPath:IUnknown:Release (This=0x989e30) returned 0x0 [0277.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3750) returned 0x0 [0277.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.088] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.089] WbemDefPath:IUnknown:AddRef (This=0x9b3750) returned 0x3 [0277.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.089] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b7028) returned 0x0 [0277.089] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b7028, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.089] WbemDefPath:IUnknown:Release (This=0x9b7028) returned 0x3 [0277.093] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.093] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.093] WbemDefPath:IUnknown:Release (This=0x9b3750) returned 0x2 [0277.093] WbemDefPath:IUnknown:Release (This=0x9b3750) returned 0x1 [0277.093] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.093] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3750, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3750) returned 0x0 [0277.093] WbemDefPath:IUnknown:AddRef (This=0x9b3750) returned 0x3 [0277.093] WbemDefPath:IUnknown:Release (This=0x9b3750) returned 0x2 [0277.093] WbemDefPath:IWbemPath:SetText (This=0x9b3750, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4808\"") returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.094] IWbemClassObject:Get (in: This=0x9b4a80, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f4f4*=0, plFlavor=0x2f5f4f8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12c8, varVal2=0x0), pType=0x2f5f4f4*=19, plFlavor=0x2f5f4f8*=0) returned 0x0 [0277.094] IWbemClassObject:Get (in: This=0x9b4a80, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f4f4*=19, plFlavor=0x2f5f4f8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12c8, varVal2=0x0), pType=0x2f5f4f4*=19, plFlavor=0x2f5f4f8*=0) returned 0x0 [0277.095] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.095] IWbemClassObject:Get (in: This=0x9b4a80, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f5f8*=0, plFlavor=0x2f5f5fc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="north audience skill.exe", varVal2=0x0), pType=0x2f5f5f8*=8, plFlavor=0x2f5f5fc*=0) returned 0x0 [0277.095] SysStringByteLen (bstr="north audience skill.exe") returned 0x30 [0277.095] SysStringByteLen (bstr="north audience skill.exe") returned 0x30 [0277.095] IWbemClassObject:Get (in: This=0x9b4a80, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f5f8*=8, plFlavor=0x2f5f5fc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="north audience skill.exe", varVal2=0x0), pType=0x2f5f5f8*=8, plFlavor=0x2f5f5fc*=0) returned 0x0 [0277.095] SysStringByteLen (bstr="north audience skill.exe") returned 0x30 [0277.095] SysStringByteLen (bstr="north audience skill.exe") returned 0x30 [0277.095] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.096] IWbemClassObject:Get (in: This=0x9b4a80, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f76c*=0, plFlavor=0x2f5f770*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ", varVal2=0x0), pType=0x2f5f76c*=8, plFlavor=0x2f5f770*=0) returned 0x0 [0277.096] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ") returned 0x84 [0277.096] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ") returned 0x84 [0277.096] IWbemClassObject:Get (in: This=0x9b4a80, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f5f76c*=8, plFlavor=0x2f5f770*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ", varVal2=0x0), pType=0x2f5f76c*=8, plFlavor=0x2f5f770*=0) returned 0x0 [0277.096] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ") returned 0x84 [0277.096] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\north audience skill.exe\" ") returned 0x84 [0277.096] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0277.096] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9b4db0, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.098] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b4db0) returned 0x0 [0277.098] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.098] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.098] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.099] IUnknown:AddRef (This=0x9b4db0) returned 0x3 [0277.099] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.099] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.099] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b4db4) returned 0x0 [0277.099] IMarshal:GetUnmarshalClass (in: This=0x9b4db4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.099] IUnknown:Release (This=0x9b4db4) returned 0x3 [0277.099] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.099] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.099] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.099] IUnknown:Release (This=0x9b4db0) returned 0x2 [0277.099] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.100] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.100] IUnknown:QueryInterface (in: This=0x9b4db0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b4db0) returned 0x0 [0277.100] IUnknown:AddRef (This=0x9b4db0) returned 0x4 [0277.100] IUnknown:Release (This=0x9b4db0) returned 0x3 [0277.100] IUnknown:Release (This=0x9b4db0) returned 0x2 [0277.100] CoTaskMemFree (pv=0x989e50) [0277.100] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.100] IUnknown:AddRef (This=0x9b4db0) returned 0x3 [0277.100] IWbemClassObject:Get (in: This=0x9b4db0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.101] IWbemClassObject:Get (in: This=0x9b4db0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4816\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.101] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4816\"") returned 0x66 [0277.101] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4816\"") returned 0x66 [0277.101] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.101] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.101] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.101] IUnknown:Release (This=0x968724) returned 0x1 [0277.103] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0277.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.104] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3b40) returned 0x0 [0277.104] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0277.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3b40) returned 0x0 [0277.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.104] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.104] WbemDefPath:IUnknown:AddRef (This=0x9b3b40) returned 0x3 [0277.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.105] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b70b8) returned 0x0 [0277.211] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b70b8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.211] WbemDefPath:IUnknown:Release (This=0x9b70b8) returned 0x3 [0277.211] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.211] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.211] WbemDefPath:IUnknown:Release (This=0x9b3b40) returned 0x2 [0277.211] WbemDefPath:IUnknown:Release (This=0x9b3b40) returned 0x1 [0277.211] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.211] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.211] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3b40, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3b40) returned 0x0 [0277.212] WbemDefPath:IUnknown:AddRef (This=0x9b3b40) returned 0x3 [0277.212] WbemDefPath:IUnknown:Release (This=0x9b3b40) returned 0x2 [0277.212] WbemDefPath:IWbemPath:SetText (This=0x9b3b40, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4816\"") returned 0x0 [0277.212] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.212] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.213] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.213] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.213] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.213] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.213] IWbemClassObject:Get (in: This=0x9b4db0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6024c*=0, plFlavor=0x2f60250*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12d0, varVal2=0x0), pType=0x2f6024c*=19, plFlavor=0x2f60250*=0) returned 0x0 [0277.213] IWbemClassObject:Get (in: This=0x9b4db0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6024c*=19, plFlavor=0x2f60250*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12d0, varVal2=0x0), pType=0x2f6024c*=19, plFlavor=0x2f60250*=0) returned 0x0 [0277.214] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.214] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.214] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.214] IWbemClassObject:Get (in: This=0x9b4db0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60350*=0, plFlavor=0x2f60354*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="setafter.exe", varVal2=0x0), pType=0x2f60350*=8, plFlavor=0x2f60354*=0) returned 0x0 [0277.214] SysStringByteLen (bstr="setafter.exe") returned 0x18 [0277.214] SysStringByteLen (bstr="setafter.exe") returned 0x18 [0277.214] IWbemClassObject:Get (in: This=0x9b4db0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60350*=8, plFlavor=0x2f60354*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="setafter.exe", varVal2=0x0), pType=0x2f60350*=8, plFlavor=0x2f60354*=0) returned 0x0 [0277.214] SysStringByteLen (bstr="setafter.exe") returned 0x18 [0277.214] SysStringByteLen (bstr="setafter.exe") returned 0x18 [0277.218] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.218] IWbemClassObject:Get (in: This=0x9b4db0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60494*=0, plFlavor=0x2f60498*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ", varVal2=0x0), pType=0x2f60494*=8, plFlavor=0x2f60498*=0) returned 0x0 [0277.218] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ") returned 0x5a [0277.218] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ") returned 0x5a [0277.219] IWbemClassObject:Get (in: This=0x9b4db0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60494*=8, plFlavor=0x2f60498*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ", varVal2=0x0), pType=0x2f60494*=8, plFlavor=0x2f60498*=0) returned 0x0 [0277.219] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ") returned 0x5a [0277.219] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\setafter.exe\" ") returned 0x5a [0277.219] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0277.219] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9b4f48, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.220] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b4f48) returned 0x0 [0277.220] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.220] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.220] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.221] IUnknown:AddRef (This=0x9b4f48) returned 0x3 [0277.221] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.221] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.221] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b4f4c) returned 0x0 [0277.221] IMarshal:GetUnmarshalClass (in: This=0x9b4f4c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.221] IUnknown:Release (This=0x9b4f4c) returned 0x3 [0277.221] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.221] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.221] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.221] IUnknown:Release (This=0x9b4f48) returned 0x2 [0277.221] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.221] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.221] IUnknown:QueryInterface (in: This=0x9b4f48, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b4f48) returned 0x0 [0277.222] IUnknown:AddRef (This=0x9b4f48) returned 0x4 [0277.222] IUnknown:Release (This=0x9b4f48) returned 0x3 [0277.222] IUnknown:Release (This=0x9b4f48) returned 0x2 [0277.222] CoTaskMemFree (pv=0x989c90) [0277.222] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.222] IUnknown:AddRef (This=0x9b4f48) returned 0x3 [0277.222] IWbemClassObject:Get (in: This=0x9b4f48, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.222] IWbemClassObject:Get (in: This=0x9b4f48, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4888\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.222] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4888\"") returned 0x66 [0277.222] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4888\"") returned 0x66 [0277.222] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.223] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.223] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.223] IUnknown:Release (This=0x968724) returned 0x1 [0277.224] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989de0) returned 0x0 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x989de0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.225] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989de0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b4160) returned 0x0 [0277.225] WbemDefPath:IUnknown:Release (This=0x989de0) returned 0x0 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b4160) returned 0x0 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.225] WbemDefPath:IUnknown:AddRef (This=0x9b4160) returned 0x3 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6488) returned 0x0 [0277.225] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6488, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.226] WbemDefPath:IUnknown:Release (This=0x9b6488) returned 0x3 [0277.226] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.226] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.226] WbemDefPath:IUnknown:Release (This=0x9b4160) returned 0x2 [0277.226] WbemDefPath:IUnknown:Release (This=0x9b4160) returned 0x1 [0277.226] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.226] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4160, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b4160) returned 0x0 [0277.226] WbemDefPath:IUnknown:AddRef (This=0x9b4160) returned 0x3 [0277.226] WbemDefPath:IUnknown:Release (This=0x9b4160) returned 0x2 [0277.226] WbemDefPath:IWbemPath:SetText (This=0x9b4160, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4888\"") returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.226] IWbemClassObject:Get (in: This=0x9b4f48, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60ed0*=0, plFlavor=0x2f60ed4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1318, varVal2=0x0), pType=0x2f60ed0*=19, plFlavor=0x2f60ed4*=0) returned 0x0 [0277.227] IWbemClassObject:Get (in: This=0x9b4f48, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60ed0*=19, plFlavor=0x2f60ed4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1318, varVal2=0x0), pType=0x2f60ed0*=19, plFlavor=0x2f60ed4*=0) returned 0x0 [0277.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.227] IWbemClassObject:Get (in: This=0x9b4f48, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60fd4*=0, plFlavor=0x2f60fd8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sound.exe", varVal2=0x0), pType=0x2f60fd4*=8, plFlavor=0x2f60fd8*=0) returned 0x0 [0277.227] SysStringByteLen (bstr="sound.exe") returned 0x12 [0277.227] SysStringByteLen (bstr="sound.exe") returned 0x12 [0277.227] IWbemClassObject:Get (in: This=0x9b4f48, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f60fd4*=8, plFlavor=0x2f60fd8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="sound.exe", varVal2=0x0), pType=0x2f60fd4*=8, plFlavor=0x2f60fd8*=0) returned 0x0 [0277.227] SysStringByteLen (bstr="sound.exe") returned 0x12 [0277.227] SysStringByteLen (bstr="sound.exe") returned 0x12 [0277.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.228] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.228] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.228] IWbemClassObject:Get (in: This=0x9b4f48, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61108*=0, plFlavor=0x2f6110c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ", varVal2=0x0), pType=0x2f61108*=8, plFlavor=0x2f6110c*=0) returned 0x0 [0277.228] SysStringByteLen (bstr="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ") returned 0x5a [0277.228] SysStringByteLen (bstr="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ") returned 0x5a [0277.228] IWbemClassObject:Get (in: This=0x9b4f48, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61108*=8, plFlavor=0x2f6110c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ", varVal2=0x0), pType=0x2f61108*=8, plFlavor=0x2f6110c*=0) returned 0x0 [0277.228] SysStringByteLen (bstr="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ") returned 0x5a [0277.228] SysStringByteLen (bstr="\"C:\\Program Files\\Mozilla Firefox\\sound.exe\" ") returned 0x5a [0277.228] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0277.228] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9baaa8, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.233] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9baaa8) returned 0x0 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.234] IUnknown:AddRef (This=0x9baaa8) returned 0x3 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9baaac) returned 0x0 [0277.234] IMarshal:GetUnmarshalClass (in: This=0x9baaac, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.234] IUnknown:Release (This=0x9baaac) returned 0x3 [0277.234] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.234] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.234] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.234] IUnknown:Release (This=0x9baaa8) returned 0x2 [0277.234] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.234] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.235] IUnknown:QueryInterface (in: This=0x9baaa8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9baaa8) returned 0x0 [0277.235] IUnknown:AddRef (This=0x9baaa8) returned 0x4 [0277.235] IUnknown:Release (This=0x9baaa8) returned 0x3 [0277.235] IUnknown:Release (This=0x9baaa8) returned 0x2 [0277.235] CoTaskMemFree (pv=0x989d90) [0277.235] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.235] IUnknown:AddRef (This=0x9baaa8) returned 0x3 [0277.235] IWbemClassObject:Get (in: This=0x9baaa8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.235] IWbemClassObject:Get (in: This=0x9baaa8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4904\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.235] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4904\"") returned 0x66 [0277.235] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4904\"") returned 0x66 [0277.236] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.236] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.236] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.236] IUnknown:Release (This=0x968724) returned 0x1 [0277.237] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.238] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3d70) returned 0x0 [0277.238] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3d70) returned 0x0 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.238] WbemDefPath:IUnknown:AddRef (This=0x9b3d70) returned 0x3 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.238] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6548) returned 0x0 [0277.238] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6548, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.238] WbemDefPath:IUnknown:Release (This=0x9b6548) returned 0x3 [0277.238] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.238] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.239] WbemDefPath:IUnknown:Release (This=0x9b3d70) returned 0x2 [0277.239] WbemDefPath:IUnknown:Release (This=0x9b3d70) returned 0x1 [0277.239] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.239] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.239] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3d70, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3d70) returned 0x0 [0277.239] WbemDefPath:IUnknown:AddRef (This=0x9b3d70) returned 0x3 [0277.239] WbemDefPath:IUnknown:Release (This=0x9b3d70) returned 0x2 [0277.239] WbemDefPath:IWbemPath:SetText (This=0x9b3d70, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4904\"") returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.239] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.239] IWbemClassObject:Get (in: This=0x9baaa8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61b3c*=0, plFlavor=0x2f61b40*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1328, varVal2=0x0), pType=0x2f61b3c*=19, plFlavor=0x2f61b40*=0) returned 0x0 [0277.240] IWbemClassObject:Get (in: This=0x9baaa8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61b3c*=19, plFlavor=0x2f61b40*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1328, varVal2=0x0), pType=0x2f61b3c*=19, plFlavor=0x2f61b40*=0) returned 0x0 [0277.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.240] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.240] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.240] IWbemClassObject:Get (in: This=0x9baaa8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61c40*=0, plFlavor=0x2f61c44*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="back.exe", varVal2=0x0), pType=0x2f61c40*=8, plFlavor=0x2f61c44*=0) returned 0x0 [0277.240] SysStringByteLen (bstr="back.exe") returned 0x10 [0277.240] SysStringByteLen (bstr="back.exe") returned 0x10 [0277.240] IWbemClassObject:Get (in: This=0x9baaa8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61c40*=8, plFlavor=0x2f61c44*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="back.exe", varVal2=0x0), pType=0x2f61c40*=8, plFlavor=0x2f61c44*=0) returned 0x0 [0277.240] SysStringByteLen (bstr="back.exe") returned 0x10 [0277.240] SysStringByteLen (bstr="back.exe") returned 0x10 [0277.240] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.240] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.240] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.240] IWbemClassObject:Get (in: This=0x9baaa8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61d74*=0, plFlavor=0x2f61d78*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ", varVal2=0x0), pType=0x2f61d74*=8, plFlavor=0x2f61d78*=0) returned 0x0 [0277.241] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ") returned 0x50 [0277.241] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ") returned 0x50 [0277.241] IWbemClassObject:Get (in: This=0x9baaa8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f61d74*=8, plFlavor=0x2f61d78*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ", varVal2=0x0), pType=0x2f61d74*=8, plFlavor=0x2f61d78*=0) returned 0x0 [0277.241] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ") returned 0x50 [0277.241] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\back.exe\" ") returned 0x50 [0277.241] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0277.241] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9baf70, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.243] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9baf70) returned 0x0 [0277.243] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.244] IUnknown:AddRef (This=0x9baf70) returned 0x3 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9baf74) returned 0x0 [0277.244] IMarshal:GetUnmarshalClass (in: This=0x9baf74, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.244] IUnknown:Release (This=0x9baf74) returned 0x3 [0277.244] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.244] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.244] IUnknown:Release (This=0x9baf70) returned 0x2 [0277.244] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.244] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.244] IUnknown:QueryInterface (in: This=0x9baf70, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9baf70) returned 0x0 [0277.245] IUnknown:AddRef (This=0x9baf70) returned 0x4 [0277.245] IUnknown:Release (This=0x9baf70) returned 0x3 [0277.245] IUnknown:Release (This=0x9baf70) returned 0x2 [0277.245] CoTaskMemFree (pv=0x989dd0) [0277.245] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.245] IUnknown:AddRef (This=0x9baf70) returned 0x3 [0277.245] IWbemClassObject:Get (in: This=0x9baf70, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.245] IWbemClassObject:Get (in: This=0x9baf70, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4976\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.245] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4976\"") returned 0x66 [0277.249] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4976\"") returned 0x66 [0277.249] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.249] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.249] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.249] IUnknown:Release (This=0x968724) returned 0x1 [0277.251] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0277.251] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.251] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3ec0) returned 0x0 [0277.251] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0277.251] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3ec0) returned 0x0 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.252] WbemDefPath:IUnknown:AddRef (This=0x9b3ec0) returned 0x3 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6938) returned 0x0 [0277.252] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6938, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.252] WbemDefPath:IUnknown:Release (This=0x9b6938) returned 0x3 [0277.252] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.252] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.252] WbemDefPath:IUnknown:Release (This=0x9b3ec0) returned 0x2 [0277.252] WbemDefPath:IUnknown:Release (This=0x9b3ec0) returned 0x1 [0277.252] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.252] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.252] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ec0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3ec0) returned 0x0 [0277.253] WbemDefPath:IUnknown:AddRef (This=0x9b3ec0) returned 0x3 [0277.253] WbemDefPath:IUnknown:Release (This=0x9b3ec0) returned 0x2 [0277.253] WbemDefPath:IWbemPath:SetText (This=0x9b3ec0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4976\"") returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.253] IWbemClassObject:Get (in: This=0x9baf70, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f62798*=0, plFlavor=0x2f6279c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1370, varVal2=0x0), pType=0x2f62798*=19, plFlavor=0x2f6279c*=0) returned 0x0 [0277.253] IWbemClassObject:Get (in: This=0x9baf70, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f62798*=19, plFlavor=0x2f6279c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1370, varVal2=0x0), pType=0x2f62798*=19, plFlavor=0x2f6279c*=0) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.253] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.254] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.254] IWbemClassObject:Get (in: This=0x9baf70, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6289c*=0, plFlavor=0x2f628a0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which_provide.exe", varVal2=0x0), pType=0x2f6289c*=8, plFlavor=0x2f628a0*=0) returned 0x0 [0277.254] SysStringByteLen (bstr="which_provide.exe") returned 0x22 [0277.254] SysStringByteLen (bstr="which_provide.exe") returned 0x22 [0277.254] IWbemClassObject:Get (in: This=0x9baf70, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6289c*=8, plFlavor=0x2f628a0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="which_provide.exe", varVal2=0x0), pType=0x2f6289c*=8, plFlavor=0x2f628a0*=0) returned 0x0 [0277.254] SysStringByteLen (bstr="which_provide.exe") returned 0x22 [0277.254] SysStringByteLen (bstr="which_provide.exe") returned 0x22 [0277.254] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.254] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.254] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.254] IWbemClassObject:Get (in: This=0x9baf70, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f629f0*=0, plFlavor=0x2f629f4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ", varVal2=0x0), pType=0x2f629f0*=8, plFlavor=0x2f629f4*=0) returned 0x0 [0277.254] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ") returned 0xa2 [0277.254] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ") returned 0xa2 [0277.254] IWbemClassObject:Get (in: This=0x9baf70, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f629f0*=8, plFlavor=0x2f629f4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ", varVal2=0x0), pType=0x2f629f0*=8, plFlavor=0x2f629f4*=0) returned 0x0 [0277.254] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ") returned 0xa2 [0277.254] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\which_provide.exe\" ") returned 0xa2 [0277.255] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0277.255] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9badd8, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.428] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9badd8) returned 0x0 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.429] IUnknown:AddRef (This=0x9badd8) returned 0x3 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.429] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9baddc) returned 0x0 [0277.429] IMarshal:GetUnmarshalClass (in: This=0x9baddc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.429] IUnknown:Release (This=0x9baddc) returned 0x3 [0277.429] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.430] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.430] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.430] IUnknown:Release (This=0x9badd8) returned 0x2 [0277.430] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.430] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.430] IUnknown:QueryInterface (in: This=0x9badd8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9badd8) returned 0x0 [0277.430] IUnknown:AddRef (This=0x9badd8) returned 0x4 [0277.430] IUnknown:Release (This=0x9badd8) returned 0x3 [0277.430] IUnknown:Release (This=0x9badd8) returned 0x2 [0277.430] CoTaskMemFree (pv=0x989e50) [0277.430] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.430] IUnknown:AddRef (This=0x9badd8) returned 0x3 [0277.430] IWbemClassObject:Get (in: This=0x9badd8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.431] IWbemClassObject:Get (in: This=0x9badd8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5052\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.431] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5052\"") returned 0x66 [0277.431] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5052\"") returned 0x66 [0277.431] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.431] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.431] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.431] IUnknown:Release (This=0x968724) returned 0x1 [0277.433] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0277.434] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.434] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b39f0) returned 0x0 [0277.435] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0277.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b39f0) returned 0x0 [0277.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.435] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.436] WbemDefPath:IUnknown:AddRef (This=0x9b39f0) returned 0x3 [0277.436] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.436] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6908) returned 0x0 [0277.437] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6908, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.437] WbemDefPath:IUnknown:Release (This=0x9b6908) returned 0x3 [0277.437] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.437] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.437] WbemDefPath:IUnknown:Release (This=0x9b39f0) returned 0x2 [0277.437] WbemDefPath:IUnknown:Release (This=0x9b39f0) returned 0x1 [0277.437] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.437] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.437] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b39f0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b39f0) returned 0x0 [0277.437] WbemDefPath:IUnknown:AddRef (This=0x9b39f0) returned 0x3 [0277.437] WbemDefPath:IUnknown:Release (This=0x9b39f0) returned 0x2 [0277.437] WbemDefPath:IWbemPath:SetText (This=0x9b39f0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5052\"") returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.437] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.438] IWbemClassObject:Get (in: This=0x9badd8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6350c*=0, plFlavor=0x2f63510*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13bc, varVal2=0x0), pType=0x2f6350c*=19, plFlavor=0x2f63510*=0) returned 0x0 [0277.438] IWbemClassObject:Get (in: This=0x9badd8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6350c*=19, plFlavor=0x2f63510*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13bc, varVal2=0x0), pType=0x2f6350c*=19, plFlavor=0x2f63510*=0) returned 0x0 [0277.438] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.438] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.438] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.438] IWbemClassObject:Get (in: This=0x9badd8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f63610*=0, plFlavor=0x2f63614*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="analysis different real.exe", varVal2=0x0), pType=0x2f63610*=8, plFlavor=0x2f63614*=0) returned 0x0 [0277.438] SysStringByteLen (bstr="analysis different real.exe") returned 0x36 [0277.438] SysStringByteLen (bstr="analysis different real.exe") returned 0x36 [0277.438] IWbemClassObject:Get (in: This=0x9badd8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f63610*=8, plFlavor=0x2f63614*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="analysis different real.exe", varVal2=0x0), pType=0x2f63610*=8, plFlavor=0x2f63614*=0) returned 0x0 [0277.439] SysStringByteLen (bstr="analysis different real.exe") returned 0x36 [0277.439] SysStringByteLen (bstr="analysis different real.exe") returned 0x36 [0277.439] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.439] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.439] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.439] IWbemClassObject:Get (in: This=0x9badd8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6378c*=0, plFlavor=0x2f63790*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ", varVal2=0x0), pType=0x2f6378c*=8, plFlavor=0x2f63790*=0) returned 0x0 [0277.439] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ") returned 0x80 [0277.439] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ") returned 0x80 [0277.439] IWbemClassObject:Get (in: This=0x9badd8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6378c*=8, plFlavor=0x2f63790*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ", varVal2=0x0), pType=0x2f6378c*=8, plFlavor=0x2f63790*=0) returned 0x0 [0277.439] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ") returned 0x80 [0277.439] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\analysis different real.exe\" ") returned 0x80 [0277.439] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0277.439] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9b9920, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.440] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b9920) returned 0x0 [0277.440] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.441] IUnknown:AddRef (This=0x9b9920) returned 0x3 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b9924) returned 0x0 [0277.441] IMarshal:GetUnmarshalClass (in: This=0x9b9924, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.441] IUnknown:Release (This=0x9b9924) returned 0x3 [0277.441] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.441] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.441] IUnknown:Release (This=0x9b9920) returned 0x2 [0277.441] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.441] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.441] IUnknown:QueryInterface (in: This=0x9b9920, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b9920) returned 0x0 [0277.442] IUnknown:AddRef (This=0x9b9920) returned 0x4 [0277.442] IUnknown:Release (This=0x9b9920) returned 0x3 [0277.442] IUnknown:Release (This=0x9b9920) returned 0x2 [0277.442] CoTaskMemFree (pv=0x989e50) [0277.442] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.442] IUnknown:AddRef (This=0x9b9920) returned 0x3 [0277.442] IWbemClassObject:Get (in: This=0x9b9920, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.442] IWbemClassObject:Get (in: This=0x9b9920, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5060\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.442] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5060\"") returned 0x66 [0277.442] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5060\"") returned 0x66 [0277.442] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.443] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.443] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.443] IUnknown:Release (This=0x968724) returned 0x1 [0277.444] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0277.444] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.445] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3910) returned 0x0 [0277.445] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3910) returned 0x0 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.445] WbemDefPath:IUnknown:AddRef (This=0x9b3910) returned 0x3 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.445] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6b78) returned 0x0 [0277.445] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6b78, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.445] WbemDefPath:IUnknown:Release (This=0x9b6b78) returned 0x3 [0277.445] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.446] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.446] WbemDefPath:IUnknown:Release (This=0x9b3910) returned 0x2 [0277.446] WbemDefPath:IUnknown:Release (This=0x9b3910) returned 0x1 [0277.446] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.446] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.446] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3910, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3910) returned 0x0 [0277.446] WbemDefPath:IUnknown:AddRef (This=0x9b3910) returned 0x3 [0277.446] WbemDefPath:IUnknown:Release (This=0x9b3910) returned 0x2 [0277.446] WbemDefPath:IWbemPath:SetText (This=0x9b3910, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5060\"") returned 0x0 [0277.446] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.446] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.446] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.447] IWbemClassObject:Get (in: This=0x9b9920, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f64268*=0, plFlavor=0x2f6426c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13c4, varVal2=0x0), pType=0x2f64268*=19, plFlavor=0x2f6426c*=0) returned 0x0 [0277.447] IWbemClassObject:Get (in: This=0x9b9920, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f64268*=19, plFlavor=0x2f6426c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13c4, varVal2=0x0), pType=0x2f64268*=19, plFlavor=0x2f6426c*=0) returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.447] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.447] IWbemClassObject:Get (in: This=0x9b9920, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6436c*=0, plFlavor=0x2f64370*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="level.exe", varVal2=0x0), pType=0x2f6436c*=8, plFlavor=0x2f64370*=0) returned 0x0 [0277.447] SysStringByteLen (bstr="level.exe") returned 0x12 [0277.447] SysStringByteLen (bstr="level.exe") returned 0x12 [0277.447] IWbemClassObject:Get (in: This=0x9b9920, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6436c*=8, plFlavor=0x2f64370*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="level.exe", varVal2=0x0), pType=0x2f6436c*=8, plFlavor=0x2f64370*=0) returned 0x0 [0277.448] SysStringByteLen (bstr="level.exe") returned 0x12 [0277.448] SysStringByteLen (bstr="level.exe") returned 0x12 [0277.448] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.448] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.448] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.448] IWbemClassObject:Get (in: This=0x9b9920, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f644a0*=0, plFlavor=0x2f644a4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ", varVal2=0x0), pType=0x2f644a0*=8, plFlavor=0x2f644a4*=0) returned 0x0 [0277.448] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ") returned 0x70 [0277.448] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ") returned 0x70 [0277.448] IWbemClassObject:Get (in: This=0x9b9920, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f644a0*=8, plFlavor=0x2f644a4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ", varVal2=0x0), pType=0x2f644a0*=8, plFlavor=0x2f644a4*=0) returned 0x0 [0277.448] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ") returned 0x70 [0277.448] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\level.exe\" ") returned 0x70 [0277.448] CoTaskMemAlloc (cb=0x4) returned 0x989ce0 [0277.448] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ce0, puReturned=0x2f500f0 | out: apObjects=0x989ce0*=0x9ba2b0, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.451] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba2b0) returned 0x0 [0277.451] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.451] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.451] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.452] IUnknown:AddRef (This=0x9ba2b0) returned 0x3 [0277.452] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.452] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.452] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba2b4) returned 0x0 [0277.452] IMarshal:GetUnmarshalClass (in: This=0x9ba2b4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.452] IUnknown:Release (This=0x9ba2b4) returned 0x3 [0277.452] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.452] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.452] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.452] IUnknown:Release (This=0x9ba2b0) returned 0x2 [0277.452] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.452] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.452] IUnknown:QueryInterface (in: This=0x9ba2b0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba2b0) returned 0x0 [0277.452] IUnknown:AddRef (This=0x9ba2b0) returned 0x4 [0277.452] IUnknown:Release (This=0x9ba2b0) returned 0x3 [0277.452] IUnknown:Release (This=0x9ba2b0) returned 0x2 [0277.452] CoTaskMemFree (pv=0x989ce0) [0277.453] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.453] IUnknown:AddRef (This=0x9ba2b0) returned 0x3 [0277.453] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.453] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5072\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.453] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5072\"") returned 0x66 [0277.453] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5072\"") returned 0x66 [0277.453] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.454] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.454] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.454] IUnknown:Release (This=0x968724) returned 0x1 [0277.455] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0277.455] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.455] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3ad0) returned 0x0 [0277.456] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3ad0) returned 0x0 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.456] WbemDefPath:IUnknown:AddRef (This=0x9b3ad0) returned 0x3 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9b6a40) returned 0x0 [0277.456] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9b6a40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.456] WbemDefPath:IUnknown:Release (This=0x9b6a40) returned 0x3 [0277.456] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.456] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.456] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.456] WbemDefPath:IUnknown:Release (This=0x9b3ad0) returned 0x2 [0277.457] WbemDefPath:IUnknown:Release (This=0x9b3ad0) returned 0x1 [0277.457] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.457] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.457] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3ad0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3ad0) returned 0x0 [0277.457] WbemDefPath:IUnknown:AddRef (This=0x9b3ad0) returned 0x3 [0277.457] WbemDefPath:IUnknown:Release (This=0x9b3ad0) returned 0x2 [0277.457] WbemDefPath:IWbemPath:SetText (This=0x9b3ad0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5072\"") returned 0x0 [0277.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.457] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.457] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.457] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.458] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.458] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.458] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f64f1c*=0, plFlavor=0x2f64f20*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13d0, varVal2=0x0), pType=0x2f64f1c*=19, plFlavor=0x2f64f20*=0) returned 0x0 [0277.458] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f64f1c*=19, plFlavor=0x2f64f20*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13d0, varVal2=0x0), pType=0x2f64f1c*=19, plFlavor=0x2f64f20*=0) returned 0x0 [0277.458] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.458] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.458] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.458] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65020*=0, plFlavor=0x2f65024*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="now_plan.exe", varVal2=0x0), pType=0x2f65020*=8, plFlavor=0x2f65024*=0) returned 0x0 [0277.458] SysStringByteLen (bstr="now_plan.exe") returned 0x18 [0277.458] SysStringByteLen (bstr="now_plan.exe") returned 0x18 [0277.459] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65020*=8, plFlavor=0x2f65024*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="now_plan.exe", varVal2=0x0), pType=0x2f65020*=8, plFlavor=0x2f65024*=0) returned 0x0 [0277.459] SysStringByteLen (bstr="now_plan.exe") returned 0x18 [0277.459] SysStringByteLen (bstr="now_plan.exe") returned 0x18 [0277.459] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.459] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.459] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.459] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65164*=0, plFlavor=0x2f65168*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ", varVal2=0x0), pType=0x2f65164*=8, plFlavor=0x2f65168*=0) returned 0x0 [0277.459] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ") returned 0x66 [0277.459] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ") returned 0x66 [0277.459] IWbemClassObject:Get (in: This=0x9ba2b0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65164*=8, plFlavor=0x2f65168*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ", varVal2=0x0), pType=0x2f65164*=8, plFlavor=0x2f65168*=0) returned 0x0 [0277.459] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ") returned 0x66 [0277.459] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\now_plan.exe\" ") returned 0x66 [0277.459] CoTaskMemAlloc (cb=0x4) returned 0x989ca0 [0277.459] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ca0, puReturned=0x2f500f0 | out: apObjects=0x989ca0*=0x9bb768, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.460] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bb768) returned 0x0 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.461] IUnknown:AddRef (This=0x9bb768) returned 0x3 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bb76c) returned 0x0 [0277.461] IMarshal:GetUnmarshalClass (in: This=0x9bb76c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.461] IUnknown:Release (This=0x9bb76c) returned 0x3 [0277.461] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.461] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.461] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.461] IUnknown:Release (This=0x9bb768) returned 0x2 [0277.461] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.462] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.462] IUnknown:QueryInterface (in: This=0x9bb768, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bb768) returned 0x0 [0277.462] IUnknown:AddRef (This=0x9bb768) returned 0x4 [0277.462] IUnknown:Release (This=0x9bb768) returned 0x3 [0277.462] IUnknown:Release (This=0x9bb768) returned 0x2 [0277.462] CoTaskMemFree (pv=0x989ca0) [0277.462] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.462] IUnknown:AddRef (This=0x9bb768) returned 0x3 [0277.462] IWbemClassObject:Get (in: This=0x9bb768, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.462] IWbemClassObject:Get (in: This=0x9bb768, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5080\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.462] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5080\"") returned 0x66 [0277.462] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5080\"") returned 0x66 [0277.463] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.463] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.463] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.463] IUnknown:Release (This=0x968724) returned 0x1 [0277.468] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d20) returned 0x0 [0277.468] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.468] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3c20) returned 0x0 [0277.469] WbemDefPath:IUnknown:Release (This=0x989d20) returned 0x0 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3c20) returned 0x0 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.469] WbemDefPath:IUnknown:AddRef (This=0x9b3c20) returned 0x3 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.469] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd540) returned 0x0 [0277.469] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd540, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.469] WbemDefPath:IUnknown:Release (This=0x9bd540) returned 0x3 [0277.469] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.469] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.470] WbemDefPath:IUnknown:Release (This=0x9b3c20) returned 0x2 [0277.470] WbemDefPath:IUnknown:Release (This=0x9b3c20) returned 0x1 [0277.470] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.470] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.470] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3c20, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3c20) returned 0x0 [0277.470] WbemDefPath:IUnknown:AddRef (This=0x9b3c20) returned 0x3 [0277.470] WbemDefPath:IUnknown:Release (This=0x9b3c20) returned 0x2 [0277.470] WbemDefPath:IWbemPath:SetText (This=0x9b3c20, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5080\"") returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.470] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.470] IWbemClassObject:Get (in: This=0x9bb768, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65bc4*=0, plFlavor=0x2f65bc8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13d8, varVal2=0x0), pType=0x2f65bc4*=19, plFlavor=0x2f65bc8*=0) returned 0x0 [0277.470] IWbemClassObject:Get (in: This=0x9bb768, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65bc4*=19, plFlavor=0x2f65bc8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x13d8, varVal2=0x0), pType=0x2f65bc4*=19, plFlavor=0x2f65bc8*=0) returned 0x0 [0277.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.471] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.471] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.471] IWbemClassObject:Get (in: This=0x9bb768, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65cc8*=0, plFlavor=0x2f65ccc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="itsincludecustomer.exe", varVal2=0x0), pType=0x2f65cc8*=8, plFlavor=0x2f65ccc*=0) returned 0x0 [0277.471] SysStringByteLen (bstr="itsincludecustomer.exe") returned 0x2c [0277.471] SysStringByteLen (bstr="itsincludecustomer.exe") returned 0x2c [0277.471] IWbemClassObject:Get (in: This=0x9bb768, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65cc8*=8, plFlavor=0x2f65ccc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="itsincludecustomer.exe", varVal2=0x0), pType=0x2f65cc8*=8, plFlavor=0x2f65ccc*=0) returned 0x0 [0277.471] SysStringByteLen (bstr="itsincludecustomer.exe") returned 0x2c [0277.471] SysStringByteLen (bstr="itsincludecustomer.exe") returned 0x2c [0277.471] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.471] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.471] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.471] IWbemClassObject:Get (in: This=0x9bb768, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65e34*=0, plFlavor=0x2f65e38*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ", varVal2=0x0), pType=0x2f65e34*=8, plFlavor=0x2f65e38*=0) returned 0x0 [0277.471] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ") returned 0x76 [0277.471] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ") returned 0x76 [0277.472] IWbemClassObject:Get (in: This=0x9bb768, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f65e34*=8, plFlavor=0x2f65e38*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ", varVal2=0x0), pType=0x2f65e34*=8, plFlavor=0x2f65e38*=0) returned 0x0 [0277.472] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ") returned 0x76 [0277.472] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\itsincludecustomer.exe\" ") returned 0x76 [0277.472] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0277.472] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9bb108, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.639] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bb108) returned 0x0 [0277.639] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.639] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.639] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.640] IUnknown:AddRef (This=0x9bb108) returned 0x3 [0277.640] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.640] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.640] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bb10c) returned 0x0 [0277.640] IMarshal:GetUnmarshalClass (in: This=0x9bb10c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.640] IUnknown:Release (This=0x9bb10c) returned 0x3 [0277.640] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.640] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.640] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.640] IUnknown:Release (This=0x9bb108) returned 0x2 [0277.640] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.640] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.640] IUnknown:QueryInterface (in: This=0x9bb108, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bb108) returned 0x0 [0277.640] IUnknown:AddRef (This=0x9bb108) returned 0x4 [0277.640] IUnknown:Release (This=0x9bb108) returned 0x3 [0277.640] IUnknown:Release (This=0x9bb108) returned 0x2 [0277.640] CoTaskMemFree (pv=0x989d20) [0277.641] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.641] IUnknown:AddRef (This=0x9bb108) returned 0x3 [0277.641] IWbemClassObject:Get (in: This=0x9bb108, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.641] IWbemClassObject:Get (in: This=0x9bb108, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4628\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.641] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4628\"") returned 0x66 [0277.641] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4628\"") returned 0x66 [0277.641] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.641] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.642] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.642] IUnknown:Release (This=0x968724) returned 0x1 [0277.644] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989db0) returned 0x0 [0277.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x989db0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.646] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989db0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b3de0) returned 0x0 [0277.646] WbemDefPath:IUnknown:Release (This=0x989db0) returned 0x0 [0277.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b3de0) returned 0x0 [0277.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.646] WbemDefPath:IUnknown:AddRef (This=0x9b3de0) returned 0x3 [0277.646] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.647] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.647] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd468) returned 0x0 [0277.647] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd468, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.647] WbemDefPath:IUnknown:Release (This=0x9bd468) returned 0x3 [0277.647] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.647] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.647] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.647] WbemDefPath:IUnknown:Release (This=0x9b3de0) returned 0x2 [0277.647] WbemDefPath:IUnknown:Release (This=0x9b3de0) returned 0x1 [0277.647] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.647] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.647] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b3de0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b3de0) returned 0x0 [0277.647] WbemDefPath:IUnknown:AddRef (This=0x9b3de0) returned 0x3 [0277.647] WbemDefPath:IUnknown:Release (This=0x9b3de0) returned 0x2 [0277.647] WbemDefPath:IWbemPath:SetText (This=0x9b3de0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4628\"") returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.647] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.648] IWbemClassObject:Get (in: This=0x9bb108, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f668e4*=0, plFlavor=0x2f668e8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1214, varVal2=0x0), pType=0x2f668e4*=19, plFlavor=0x2f668e8*=0) returned 0x0 [0277.648] IWbemClassObject:Get (in: This=0x9bb108, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f668e4*=19, plFlavor=0x2f668e8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1214, varVal2=0x0), pType=0x2f668e4*=19, plFlavor=0x2f668e8*=0) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.648] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.648] IWbemClassObject:Get (in: This=0x9bb108, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f669e8*=0, plFlavor=0x2f669ec*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="southern-see.exe", varVal2=0x0), pType=0x2f669e8*=8, plFlavor=0x2f669ec*=0) returned 0x0 [0277.648] SysStringByteLen (bstr="southern-see.exe") returned 0x20 [0277.648] SysStringByteLen (bstr="southern-see.exe") returned 0x20 [0277.649] IWbemClassObject:Get (in: This=0x9bb108, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f669e8*=8, plFlavor=0x2f669ec*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="southern-see.exe", varVal2=0x0), pType=0x2f669e8*=8, plFlavor=0x2f669ec*=0) returned 0x0 [0277.649] SysStringByteLen (bstr="southern-see.exe") returned 0x20 [0277.649] SysStringByteLen (bstr="southern-see.exe") returned 0x20 [0277.649] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.649] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.649] IWbemClassObject:Get (in: This=0x9bb108, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f66b3c*=0, plFlavor=0x2f66b40*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ", varVal2=0x0), pType=0x2f66b3c*=8, plFlavor=0x2f66b40*=0) returned 0x0 [0277.649] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ") returned 0x60 [0277.649] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ") returned 0x60 [0277.649] IWbemClassObject:Get (in: This=0x9bb108, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f66b3c*=8, plFlavor=0x2f66b40*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ", varVal2=0x0), pType=0x2f66b3c*=8, plFlavor=0x2f66b40*=0) returned 0x0 [0277.649] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ") returned 0x60 [0277.649] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\southern-see.exe\" ") returned 0x60 [0277.649] CoTaskMemAlloc (cb=0x4) returned 0x989cd0 [0277.649] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cd0, puReturned=0x2f500f0 | out: apObjects=0x989cd0*=0x9bb5d0, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.650] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bb5d0) returned 0x0 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.651] IUnknown:AddRef (This=0x9bb5d0) returned 0x3 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.651] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bb5d4) returned 0x0 [0277.651] IMarshal:GetUnmarshalClass (in: This=0x9bb5d4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.651] IUnknown:Release (This=0x9bb5d4) returned 0x3 [0277.651] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.652] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.652] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.652] IUnknown:Release (This=0x9bb5d0) returned 0x2 [0277.652] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.652] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.652] IUnknown:QueryInterface (in: This=0x9bb5d0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bb5d0) returned 0x0 [0277.653] IUnknown:AddRef (This=0x9bb5d0) returned 0x4 [0277.653] IUnknown:Release (This=0x9bb5d0) returned 0x3 [0277.653] IUnknown:Release (This=0x9bb5d0) returned 0x2 [0277.653] CoTaskMemFree (pv=0x989cd0) [0277.653] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.653] IUnknown:AddRef (This=0x9bb5d0) returned 0x3 [0277.653] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.653] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5316\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.654] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5316\"") returned 0x66 [0277.654] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5316\"") returned 0x66 [0277.654] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.654] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.654] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.654] IUnknown:Release (This=0x968724) returned 0x1 [0277.656] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989c90) returned 0x0 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x989c90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.657] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989c90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b4630) returned 0x0 [0277.657] WbemDefPath:IUnknown:Release (This=0x989c90) returned 0x0 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b4630) returned 0x0 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.657] WbemDefPath:IUnknown:AddRef (This=0x9b4630) returned 0x3 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.657] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd828) returned 0x0 [0277.657] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd828, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.657] WbemDefPath:IUnknown:Release (This=0x9bd828) returned 0x3 [0277.657] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.658] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.658] WbemDefPath:IUnknown:Release (This=0x9b4630) returned 0x2 [0277.658] WbemDefPath:IUnknown:Release (This=0x9b4630) returned 0x1 [0277.658] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.658] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.658] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b4630, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b4630) returned 0x0 [0277.658] WbemDefPath:IUnknown:AddRef (This=0x9b4630) returned 0x3 [0277.658] WbemDefPath:IUnknown:Release (This=0x9b4630) returned 0x2 [0277.658] WbemDefPath:IWbemPath:SetText (This=0x9b4630, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5316\"") returned 0x0 [0277.658] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.658] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.659] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.659] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.659] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.659] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.659] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f67594*=0, plFlavor=0x2f67598*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14c4, varVal2=0x0), pType=0x2f67594*=19, plFlavor=0x2f67598*=0) returned 0x0 [0277.659] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f67594*=19, plFlavor=0x2f67598*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14c4, varVal2=0x0), pType=0x2f67594*=19, plFlavor=0x2f67598*=0) returned 0x0 [0277.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.660] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.660] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.660] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f67698*=0, plFlavor=0x2f6769c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pain.exe", varVal2=0x0), pType=0x2f67698*=8, plFlavor=0x2f6769c*=0) returned 0x0 [0277.660] SysStringByteLen (bstr="pain.exe") returned 0x10 [0277.660] SysStringByteLen (bstr="pain.exe") returned 0x10 [0277.660] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f67698*=8, plFlavor=0x2f6769c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pain.exe", varVal2=0x0), pType=0x2f67698*=8, plFlavor=0x2f6769c*=0) returned 0x0 [0277.660] SysStringByteLen (bstr="pain.exe") returned 0x10 [0277.660] SysStringByteLen (bstr="pain.exe") returned 0x10 [0277.660] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.660] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.660] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.660] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f677cc*=0, plFlavor=0x2f677d0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\pain.exe\" ", varVal2=0x0), pType=0x2f677cc*=8, plFlavor=0x2f677d0*=0) returned 0x0 [0277.660] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\pain.exe\" ") returned 0x42 [0277.660] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\pain.exe\" ") returned 0x42 [0277.660] IWbemClassObject:Get (in: This=0x9bb5d0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f677cc*=8, plFlavor=0x2f677d0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\pain.exe\" ", varVal2=0x0), pType=0x2f677cc*=8, plFlavor=0x2f677d0*=0) returned 0x0 [0277.660] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\pain.exe\" ") returned 0x42 [0277.661] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\pain.exe\" ") returned 0x42 [0277.661] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0277.661] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9b9ab8, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b9ab8) returned 0x0 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.662] IUnknown:AddRef (This=0x9b9ab8) returned 0x3 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.662] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b9abc) returned 0x0 [0277.663] IMarshal:GetUnmarshalClass (in: This=0x9b9abc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.663] IUnknown:Release (This=0x9b9abc) returned 0x3 [0277.663] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.663] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.663] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.663] IUnknown:Release (This=0x9b9ab8) returned 0x2 [0277.663] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.663] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.663] IUnknown:QueryInterface (in: This=0x9b9ab8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b9ab8) returned 0x0 [0277.663] IUnknown:AddRef (This=0x9b9ab8) returned 0x4 [0277.663] IUnknown:Release (This=0x9b9ab8) returned 0x3 [0277.663] IUnknown:Release (This=0x9b9ab8) returned 0x2 [0277.663] CoTaskMemFree (pv=0x989dd0) [0277.663] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.663] IUnknown:AddRef (This=0x9b9ab8) returned 0x3 [0277.663] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.664] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5324\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.664] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5324\"") returned 0x66 [0277.664] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5324\"") returned 0x66 [0277.664] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.664] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.664] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.664] IUnknown:Release (This=0x968724) returned 0x1 [0277.666] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0277.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.666] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9b46a0) returned 0x0 [0277.666] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0277.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9b46a0) returned 0x0 [0277.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.666] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.667] WbemDefPath:IUnknown:AddRef (This=0x9b46a0) returned 0x3 [0277.667] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.667] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.667] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd6f0) returned 0x0 [0277.667] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd6f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.667] WbemDefPath:IUnknown:Release (This=0x9bd6f0) returned 0x3 [0277.667] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.667] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.667] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.667] WbemDefPath:IUnknown:Release (This=0x9b46a0) returned 0x2 [0277.667] WbemDefPath:IUnknown:Release (This=0x9b46a0) returned 0x1 [0277.667] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.667] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.937] WbemDefPath:IUnknown:QueryInterface (in: This=0x9b46a0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9b46a0) returned 0x0 [0277.937] WbemDefPath:IUnknown:AddRef (This=0x9b46a0) returned 0x3 [0277.937] WbemDefPath:IUnknown:Release (This=0x9b46a0) returned 0x2 [0277.937] WbemDefPath:IWbemPath:SetText (This=0x9b46a0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5324\"") returned 0x0 [0277.938] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.938] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.938] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.939] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f681c4*=0, plFlavor=0x2f681c8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14cc, varVal2=0x0), pType=0x2f681c4*=19, plFlavor=0x2f681c8*=0) returned 0x0 [0277.939] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f681c4*=19, plFlavor=0x2f681c8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x14cc, varVal2=0x0), pType=0x2f681c4*=19, plFlavor=0x2f681c8*=0) returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.939] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.939] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f682c8*=0, plFlavor=0x2f682cc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ratepmavailable.exe", varVal2=0x0), pType=0x2f682c8*=8, plFlavor=0x2f682cc*=0) returned 0x0 [0277.940] SysStringByteLen (bstr="ratepmavailable.exe") returned 0x26 [0277.940] SysStringByteLen (bstr="ratepmavailable.exe") returned 0x26 [0277.940] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f682c8*=8, plFlavor=0x2f682cc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ratepmavailable.exe", varVal2=0x0), pType=0x2f682c8*=8, plFlavor=0x2f682cc*=0) returned 0x0 [0277.940] SysStringByteLen (bstr="ratepmavailable.exe") returned 0x26 [0277.940] SysStringByteLen (bstr="ratepmavailable.exe") returned 0x26 [0277.940] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.940] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.940] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.940] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68424*=0, plFlavor=0x2f68428*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ", varVal2=0x0), pType=0x2f68424*=8, plFlavor=0x2f68428*=0) returned 0x0 [0277.940] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ") returned 0x78 [0277.940] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ") returned 0x78 [0277.940] IWbemClassObject:Get (in: This=0x9b9ab8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68424*=8, plFlavor=0x2f68428*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ", varVal2=0x0), pType=0x2f68424*=8, plFlavor=0x2f68428*=0) returned 0x0 [0277.940] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ") returned 0x78 [0277.940] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\ratepmavailable.exe\" ") returned 0x78 [0277.940] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0277.940] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9ba118, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.943] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba118) returned 0x0 [0277.943] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.943] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.943] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.944] IUnknown:AddRef (This=0x9ba118) returned 0x3 [0277.944] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.944] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.944] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba11c) returned 0x0 [0277.944] IMarshal:GetUnmarshalClass (in: This=0x9ba11c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.945] IUnknown:Release (This=0x9ba11c) returned 0x3 [0277.945] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.945] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.945] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.945] IUnknown:Release (This=0x9ba118) returned 0x2 [0277.945] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.945] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.945] IUnknown:QueryInterface (in: This=0x9ba118, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba118) returned 0x0 [0277.945] IUnknown:AddRef (This=0x9ba118) returned 0x4 [0277.945] IUnknown:Release (This=0x9ba118) returned 0x3 [0277.945] IUnknown:Release (This=0x9ba118) returned 0x2 [0277.945] CoTaskMemFree (pv=0x989dd0) [0277.945] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.945] IUnknown:AddRef (This=0x9ba118) returned 0x3 [0277.945] IWbemClassObject:Get (in: This=0x9ba118, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.946] IWbemClassObject:Get (in: This=0x9ba118, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5384\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.946] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5384\"") returned 0x66 [0277.946] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5384\"") returned 0x66 [0277.946] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.946] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.946] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.946] IUnknown:Release (This=0x968724) returned 0x1 [0277.948] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e50) returned 0x0 [0277.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e50, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.948] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e50, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf050) returned 0x0 [0277.948] WbemDefPath:IUnknown:Release (This=0x989e50) returned 0x0 [0277.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf050) returned 0x0 [0277.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.948] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.948] WbemDefPath:IUnknown:AddRef (This=0x9bf050) returned 0x3 [0277.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.949] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bcaa8) returned 0x0 [0277.949] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bcaa8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.949] WbemDefPath:IUnknown:Release (This=0x9bcaa8) returned 0x3 [0277.950] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.950] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.950] WbemDefPath:IUnknown:Release (This=0x9bf050) returned 0x2 [0277.950] WbemDefPath:IUnknown:Release (This=0x9bf050) returned 0x1 [0277.950] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.950] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf050, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf050) returned 0x0 [0277.950] WbemDefPath:IUnknown:AddRef (This=0x9bf050) returned 0x3 [0277.950] WbemDefPath:IUnknown:Release (This=0x9bf050) returned 0x2 [0277.950] WbemDefPath:IWbemPath:SetText (This=0x9bf050, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5384\"") returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.950] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.950] IWbemClassObject:Get (in: This=0x9ba118, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68ecc*=0, plFlavor=0x2f68ed0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1508, varVal2=0x0), pType=0x2f68ecc*=19, plFlavor=0x2f68ed0*=0) returned 0x0 [0277.951] IWbemClassObject:Get (in: This=0x9ba118, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68ecc*=19, plFlavor=0x2f68ed0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1508, varVal2=0x0), pType=0x2f68ecc*=19, plFlavor=0x2f68ed0*=0) returned 0x0 [0277.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.951] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.951] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.951] IWbemClassObject:Get (in: This=0x9ba118, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68fd0*=0, plFlavor=0x2f68fd4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x2f68fd0*=8, plFlavor=0x2f68fd4*=0) returned 0x0 [0277.951] SysStringByteLen (bstr="barca.exe") returned 0x12 [0277.951] SysStringByteLen (bstr="barca.exe") returned 0x12 [0277.951] IWbemClassObject:Get (in: This=0x9ba118, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f68fd0*=8, plFlavor=0x2f68fd4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="barca.exe", varVal2=0x0), pType=0x2f68fd0*=8, plFlavor=0x2f68fd4*=0) returned 0x0 [0277.951] SysStringByteLen (bstr="barca.exe") returned 0x12 [0277.951] SysStringByteLen (bstr="barca.exe") returned 0x12 [0277.951] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.951] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.952] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.952] IWbemClassObject:Get (in: This=0x9ba118, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69104*=0, plFlavor=0x2f69108*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ", varVal2=0x0), pType=0x2f69104*=8, plFlavor=0x2f69108*=0) returned 0x0 [0277.952] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ") returned 0x78 [0277.952] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ") returned 0x78 [0277.952] IWbemClassObject:Get (in: This=0x9ba118, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69104*=8, plFlavor=0x2f69108*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ", varVal2=0x0), pType=0x2f69104*=8, plFlavor=0x2f69108*=0) returned 0x0 [0277.952] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ") returned 0x78 [0277.952] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Portable Devices\\barca.exe\" ") returned 0x78 [0277.952] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0277.952] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9ba910, puReturned=0x2f500f0*=0x1) returned 0x0 [0277.953] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba910) returned 0x0 [0277.953] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0277.953] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0277.953] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0277.954] IUnknown:AddRef (This=0x9ba910) returned 0x3 [0277.954] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0277.954] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0277.954] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba914) returned 0x0 [0277.954] IMarshal:GetUnmarshalClass (in: This=0x9ba914, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0277.954] IUnknown:Release (This=0x9ba914) returned 0x3 [0277.954] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0277.954] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0277.954] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0277.954] IUnknown:Release (This=0x9ba910) returned 0x2 [0277.954] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0277.954] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0277.954] IUnknown:QueryInterface (in: This=0x9ba910, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba910) returned 0x0 [0277.954] IUnknown:AddRef (This=0x9ba910) returned 0x4 [0277.954] IUnknown:Release (This=0x9ba910) returned 0x3 [0277.954] IUnknown:Release (This=0x9ba910) returned 0x2 [0277.954] CoTaskMemFree (pv=0x989d90) [0277.954] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0277.955] IUnknown:AddRef (This=0x9ba910) returned 0x3 [0277.955] IWbemClassObject:Get (in: This=0x9ba910, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0277.955] IWbemClassObject:Get (in: This=0x9ba910, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5488\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0277.955] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5488\"") returned 0x66 [0277.955] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5488\"") returned 0x66 [0277.955] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0277.955] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0277.955] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0277.955] IUnknown:Release (This=0x968724) returned 0x1 [0277.957] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cf0) returned 0x0 [0277.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cf0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0277.957] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cf0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf590) returned 0x0 [0277.957] WbemDefPath:IUnknown:Release (This=0x989cf0) returned 0x0 [0277.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf590) returned 0x0 [0277.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0277.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0277.958] WbemDefPath:IUnknown:AddRef (This=0x9bf590) returned 0x3 [0277.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0277.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0277.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bcb80) returned 0x0 [0277.958] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bcb80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0277.958] WbemDefPath:IUnknown:Release (This=0x9bcb80) returned 0x3 [0277.958] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0277.958] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0277.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0277.958] WbemDefPath:IUnknown:Release (This=0x9bf590) returned 0x2 [0277.958] WbemDefPath:IUnknown:Release (This=0x9bf590) returned 0x1 [0277.958] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0277.958] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0277.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf590, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf590) returned 0x0 [0277.958] WbemDefPath:IUnknown:AddRef (This=0x9bf590) returned 0x3 [0277.958] WbemDefPath:IUnknown:Release (This=0x9bf590) returned 0x2 [0277.958] WbemDefPath:IWbemPath:SetText (This=0x9bf590, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5488\"") returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.959] IWbemClassObject:Get (in: This=0x9ba910, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69b98*=0, plFlavor=0x2f69b9c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1570, varVal2=0x0), pType=0x2f69b98*=19, plFlavor=0x2f69b9c*=0) returned 0x0 [0277.959] IWbemClassObject:Get (in: This=0x9ba910, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69b98*=19, plFlavor=0x2f69b9c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1570, varVal2=0x0), pType=0x2f69b98*=19, plFlavor=0x2f69b9c*=0) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.959] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.959] IWbemClassObject:Get (in: This=0x9ba910, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69c9c*=0, plFlavor=0x2f69ca0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x2f69c9c*=8, plFlavor=0x2f69ca0*=0) returned 0x0 [0277.960] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0277.960] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0277.960] IWbemClassObject:Get (in: This=0x9ba910, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69c9c*=8, plFlavor=0x2f69ca0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="absolutetelnet.exe", varVal2=0x0), pType=0x2f69c9c*=8, plFlavor=0x2f69ca0*=0) returned 0x0 [0277.960] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0277.960] SysStringByteLen (bstr="absolutetelnet.exe") returned 0x24 [0277.960] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0277.960] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0277.960] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0277.960] IWbemClassObject:Get (in: This=0x9ba910, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69df8*=0, plFlavor=0x2f69dfc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ", varVal2=0x0), pType=0x2f69df8*=8, plFlavor=0x2f69dfc*=0) returned 0x0 [0277.960] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ") returned 0x6e [0277.960] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ") returned 0x6e [0277.960] IWbemClassObject:Get (in: This=0x9ba910, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f69df8*=8, plFlavor=0x2f69dfc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ", varVal2=0x0), pType=0x2f69df8*=8, plFlavor=0x2f69dfc*=0) returned 0x0 [0277.960] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ") returned 0x6e [0277.960] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\absolutetelnet.exe\" ") returned 0x6e [0277.961] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0277.961] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9bb2a0, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.081] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bb2a0) returned 0x0 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.082] IUnknown:AddRef (This=0x9bb2a0) returned 0x3 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.082] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bb2a4) returned 0x0 [0278.082] IMarshal:GetUnmarshalClass (in: This=0x9bb2a4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.082] IUnknown:Release (This=0x9bb2a4) returned 0x3 [0278.082] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.083] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.083] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.083] IUnknown:Release (This=0x9bb2a0) returned 0x2 [0278.083] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.083] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.083] IUnknown:QueryInterface (in: This=0x9bb2a0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bb2a0) returned 0x0 [0278.083] IUnknown:AddRef (This=0x9bb2a0) returned 0x4 [0278.083] IUnknown:Release (This=0x9bb2a0) returned 0x3 [0278.083] IUnknown:Release (This=0x9bb2a0) returned 0x2 [0278.083] CoTaskMemFree (pv=0x989dd0) [0278.083] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.083] IUnknown:AddRef (This=0x9bb2a0) returned 0x3 [0278.083] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.084] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5496\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.084] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5496\"") returned 0x66 [0278.084] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5496\"") returned 0x66 [0278.084] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.084] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.084] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.084] IUnknown:Release (This=0x968724) returned 0x1 [0278.086] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0278.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.086] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf830) returned 0x0 [0278.086] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0278.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf830) returned 0x0 [0278.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.086] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.087] WbemDefPath:IUnknown:AddRef (This=0x9bf830) returned 0x3 [0278.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd048) returned 0x0 [0278.087] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd048, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.087] WbemDefPath:IUnknown:Release (This=0x9bd048) returned 0x3 [0278.087] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.087] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.087] WbemDefPath:IUnknown:Release (This=0x9bf830) returned 0x2 [0278.087] WbemDefPath:IUnknown:Release (This=0x9bf830) returned 0x1 [0278.087] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.087] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.087] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf830, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf830) returned 0x0 [0278.087] WbemDefPath:IUnknown:AddRef (This=0x9bf830) returned 0x3 [0278.087] WbemDefPath:IUnknown:Release (This=0x9bf830) returned 0x2 [0278.087] WbemDefPath:IWbemPath:SetText (This=0x9bf830, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5496\"") returned 0x0 [0278.087] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.087] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.088] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6a888*=0, plFlavor=0x2f6a88c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1578, varVal2=0x0), pType=0x2f6a888*=19, plFlavor=0x2f6a88c*=0) returned 0x0 [0278.088] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6a888*=19, plFlavor=0x2f6a88c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1578, varVal2=0x0), pType=0x2f6a888*=19, plFlavor=0x2f6a88c*=0) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.088] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.088] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6a98c*=0, plFlavor=0x2f6a990*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x2f6a98c*=8, plFlavor=0x2f6a990*=0) returned 0x0 [0278.088] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0278.088] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0278.089] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6a98c*=8, plFlavor=0x2f6a990*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="3dftp.exe", varVal2=0x0), pType=0x2f6a98c*=8, plFlavor=0x2f6a990*=0) returned 0x0 [0278.089] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0278.089] SysStringByteLen (bstr="3dftp.exe") returned 0x12 [0278.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.089] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.089] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.089] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6aac0*=0, plFlavor=0x2f6aac4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ", varVal2=0x0), pType=0x2f6aac0*=8, plFlavor=0x2f6aac4*=0) returned 0x0 [0278.089] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ") returned 0x66 [0278.089] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ") returned 0x66 [0278.090] IWbemClassObject:Get (in: This=0x9bb2a0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6aac0*=8, plFlavor=0x2f6aac4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ", varVal2=0x0), pType=0x2f6aac0*=8, plFlavor=0x2f6aac4*=0) returned 0x0 [0278.090] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ") returned 0x66 [0278.090] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\3dftp.exe\" ") returned 0x66 [0278.090] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0278.090] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9bb438, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.091] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bb438) returned 0x0 [0278.091] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.092] IUnknown:AddRef (This=0x9bb438) returned 0x3 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bb43c) returned 0x0 [0278.092] IMarshal:GetUnmarshalClass (in: This=0x9bb43c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.092] IUnknown:Release (This=0x9bb43c) returned 0x3 [0278.092] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.092] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.092] IUnknown:Release (This=0x9bb438) returned 0x2 [0278.092] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.092] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.092] IUnknown:QueryInterface (in: This=0x9bb438, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bb438) returned 0x0 [0278.093] IUnknown:AddRef (This=0x9bb438) returned 0x4 [0278.093] IUnknown:Release (This=0x9bb438) returned 0x3 [0278.093] IUnknown:Release (This=0x9bb438) returned 0x2 [0278.093] CoTaskMemFree (pv=0x989dd0) [0278.093] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.093] IUnknown:AddRef (This=0x9bb438) returned 0x3 [0278.093] IWbemClassObject:Get (in: This=0x9bb438, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.093] IWbemClassObject:Get (in: This=0x9bb438, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5508\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.093] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5508\"") returned 0x66 [0278.093] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5508\"") returned 0x66 [0278.093] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.094] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.094] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.094] IUnknown:Release (This=0x968724) returned 0x1 [0278.095] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0278.095] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.095] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf600) returned 0x0 [0278.096] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf600) returned 0x0 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.096] WbemDefPath:IUnknown:AddRef (This=0x9bf600) returned 0x3 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.096] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bcdd8) returned 0x0 [0278.096] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bcdd8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.096] WbemDefPath:IUnknown:Release (This=0x9bcdd8) returned 0x3 [0278.096] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.097] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.097] WbemDefPath:IUnknown:Release (This=0x9bf600) returned 0x2 [0278.097] WbemDefPath:IUnknown:Release (This=0x9bf600) returned 0x1 [0278.097] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.097] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf600, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf600) returned 0x0 [0278.097] WbemDefPath:IUnknown:AddRef (This=0x9bf600) returned 0x3 [0278.097] WbemDefPath:IUnknown:Release (This=0x9bf600) returned 0x2 [0278.097] WbemDefPath:IWbemPath:SetText (This=0x9bf600, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5508\"") returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.097] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.097] IWbemClassObject:Get (in: This=0x9bb438, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b624*=0, plFlavor=0x2f6b628*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1584, varVal2=0x0), pType=0x2f6b624*=19, plFlavor=0x2f6b628*=0) returned 0x0 [0278.098] IWbemClassObject:Get (in: This=0x9bb438, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b624*=19, plFlavor=0x2f6b628*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1584, varVal2=0x0), pType=0x2f6b624*=19, plFlavor=0x2f6b628*=0) returned 0x0 [0278.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.098] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.098] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.098] IWbemClassObject:Get (in: This=0x9bb438, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b728*=0, plFlavor=0x2f6b72c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="evidence.exe", varVal2=0x0), pType=0x2f6b728*=8, plFlavor=0x2f6b72c*=0) returned 0x0 [0278.098] SysStringByteLen (bstr="evidence.exe") returned 0x18 [0278.098] SysStringByteLen (bstr="evidence.exe") returned 0x18 [0278.098] IWbemClassObject:Get (in: This=0x9bb438, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b728*=8, plFlavor=0x2f6b72c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="evidence.exe", varVal2=0x0), pType=0x2f6b728*=8, plFlavor=0x2f6b72c*=0) returned 0x0 [0278.098] SysStringByteLen (bstr="evidence.exe") returned 0x18 [0278.098] SysStringByteLen (bstr="evidence.exe") returned 0x18 [0278.098] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.098] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.098] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.099] IWbemClassObject:Get (in: This=0x9bb438, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b86c*=0, plFlavor=0x2f6b870*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ", varVal2=0x0), pType=0x2f6b86c*=8, plFlavor=0x2f6b870*=0) returned 0x0 [0278.099] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ") returned 0x70 [0278.099] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ") returned 0x70 [0278.099] IWbemClassObject:Get (in: This=0x9bb438, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6b86c*=8, plFlavor=0x2f6b870*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ", varVal2=0x0), pType=0x2f6b86c*=8, plFlavor=0x2f6b870*=0) returned 0x0 [0278.099] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ") returned 0x70 [0278.099] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\evidence.exe\" ") returned 0x70 [0278.099] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.099] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9bac40, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.100] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9bac40) returned 0x0 [0278.100] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.101] IUnknown:AddRef (This=0x9bac40) returned 0x3 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9bac44) returned 0x0 [0278.101] IMarshal:GetUnmarshalClass (in: This=0x9bac44, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.101] IUnknown:Release (This=0x9bac44) returned 0x3 [0278.101] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.101] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.101] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.101] IUnknown:Release (This=0x9bac40) returned 0x2 [0278.101] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.101] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.102] IUnknown:QueryInterface (in: This=0x9bac40, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9bac40) returned 0x0 [0278.102] IUnknown:AddRef (This=0x9bac40) returned 0x4 [0278.102] IUnknown:Release (This=0x9bac40) returned 0x3 [0278.102] IUnknown:Release (This=0x9bac40) returned 0x2 [0278.102] CoTaskMemFree (pv=0x989d20) [0278.102] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.102] IUnknown:AddRef (This=0x9bac40) returned 0x3 [0278.102] IWbemClassObject:Get (in: This=0x9bac40, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.102] IWbemClassObject:Get (in: This=0x9bac40, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5516\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.102] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5516\"") returned 0x66 [0278.102] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5516\"") returned 0x66 [0278.103] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.103] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.103] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.103] IUnknown:Release (This=0x968724) returned 0x1 [0278.105] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.106] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf670) returned 0x0 [0278.106] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf670) returned 0x0 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.106] WbemDefPath:IUnknown:AddRef (This=0x9bf670) returned 0x3 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd150) returned 0x0 [0278.106] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd150, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.107] WbemDefPath:IUnknown:Release (This=0x9bd150) returned 0x3 [0278.107] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.107] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.107] WbemDefPath:IUnknown:Release (This=0x9bf670) returned 0x2 [0278.107] WbemDefPath:IUnknown:Release (This=0x9bf670) returned 0x1 [0278.107] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.107] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf670, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf670) returned 0x0 [0278.107] WbemDefPath:IUnknown:AddRef (This=0x9bf670) returned 0x3 [0278.107] WbemDefPath:IUnknown:Release (This=0x9bf670) returned 0x2 [0278.107] WbemDefPath:IWbemPath:SetText (This=0x9bf670, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5516\"") returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.107] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.107] IWbemClassObject:Get (in: This=0x9bac40, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c2f8*=0, plFlavor=0x2f6c2fc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x158c, varVal2=0x0), pType=0x2f6c2f8*=19, plFlavor=0x2f6c2fc*=0) returned 0x0 [0278.108] IWbemClassObject:Get (in: This=0x9bac40, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c2f8*=19, plFlavor=0x2f6c2fc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x158c, varVal2=0x0), pType=0x2f6c2f8*=19, plFlavor=0x2f6c2fc*=0) returned 0x0 [0278.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.108] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.108] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.108] IWbemClassObject:Get (in: This=0x9bac40, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c3fc*=0, plFlavor=0x2f6c400*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ground-college-maybe.exe", varVal2=0x0), pType=0x2f6c3fc*=8, plFlavor=0x2f6c400*=0) returned 0x0 [0278.108] SysStringByteLen (bstr="ground-college-maybe.exe") returned 0x30 [0278.108] SysStringByteLen (bstr="ground-college-maybe.exe") returned 0x30 [0278.108] IWbemClassObject:Get (in: This=0x9bac40, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c3fc*=8, plFlavor=0x2f6c400*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ground-college-maybe.exe", varVal2=0x0), pType=0x2f6c3fc*=8, plFlavor=0x2f6c400*=0) returned 0x0 [0278.108] SysStringByteLen (bstr="ground-college-maybe.exe") returned 0x30 [0278.108] SysStringByteLen (bstr="ground-college-maybe.exe") returned 0x30 [0278.109] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.109] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.109] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.109] IWbemClassObject:Get (in: This=0x9bac40, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c570*=0, plFlavor=0x2f6c574*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ", varVal2=0x0), pType=0x2f6c570*=8, plFlavor=0x2f6c574*=0) returned 0x0 [0278.109] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ") returned 0x8e [0278.109] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ") returned 0x8e [0278.109] IWbemClassObject:Get (in: This=0x9bac40, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6c570*=8, plFlavor=0x2f6c574*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ", varVal2=0x0), pType=0x2f6c570*=8, plFlavor=0x2f6c574*=0) returned 0x0 [0278.109] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ") returned 0x8e [0278.109] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Photo Viewer\\ground-college-maybe.exe\" ") returned 0x8e [0278.109] CoTaskMemAlloc (cb=0x4) returned 0x989ca0 [0278.109] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ca0, puReturned=0x2f500f0 | out: apObjects=0x989ca0*=0x9b9c50, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.110] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b9c50) returned 0x0 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.111] IUnknown:AddRef (This=0x9b9c50) returned 0x3 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b9c54) returned 0x0 [0278.111] IMarshal:GetUnmarshalClass (in: This=0x9b9c54, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.111] IUnknown:Release (This=0x9b9c54) returned 0x3 [0278.111] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.111] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.111] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.111] IUnknown:Release (This=0x9b9c50) returned 0x2 [0278.111] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.112] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.112] IUnknown:QueryInterface (in: This=0x9b9c50, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b9c50) returned 0x0 [0278.112] IUnknown:AddRef (This=0x9b9c50) returned 0x4 [0278.112] IUnknown:Release (This=0x9b9c50) returned 0x3 [0278.112] IUnknown:Release (This=0x9b9c50) returned 0x2 [0278.112] CoTaskMemFree (pv=0x989ca0) [0278.112] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.112] IUnknown:AddRef (This=0x9b9c50) returned 0x3 [0278.112] IWbemClassObject:Get (in: This=0x9b9c50, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.112] IWbemClassObject:Get (in: This=0x9b9c50, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5524\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.112] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5524\"") returned 0x66 [0278.112] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5524\"") returned 0x66 [0278.113] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.113] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.113] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.113] IUnknown:Release (This=0x968724) returned 0x1 [0278.114] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e30) returned 0x0 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.115] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf980) returned 0x0 [0278.115] WbemDefPath:IUnknown:Release (This=0x989e30) returned 0x0 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf980) returned 0x0 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.115] WbemDefPath:IUnknown:AddRef (This=0x9bf980) returned 0x3 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.115] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9bd0c0) returned 0x0 [0278.115] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9bd0c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.116] WbemDefPath:IUnknown:Release (This=0x9bd0c0) returned 0x3 [0278.116] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.116] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.116] WbemDefPath:IUnknown:Release (This=0x9bf980) returned 0x2 [0278.116] WbemDefPath:IUnknown:Release (This=0x9bf980) returned 0x1 [0278.116] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.116] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.116] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf980, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf980) returned 0x0 [0278.116] WbemDefPath:IUnknown:AddRef (This=0x9bf980) returned 0x3 [0278.116] WbemDefPath:IUnknown:Release (This=0x9bf980) returned 0x2 [0278.116] WbemDefPath:IWbemPath:SetText (This=0x9bf980, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5524\"") returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.117] IWbemClassObject:Get (in: This=0x9b9c50, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d060*=0, plFlavor=0x2f6d064*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1594, varVal2=0x0), pType=0x2f6d060*=19, plFlavor=0x2f6d064*=0) returned 0x0 [0278.117] IWbemClassObject:Get (in: This=0x9b9c50, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d060*=19, plFlavor=0x2f6d064*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1594, varVal2=0x0), pType=0x2f6d060*=19, plFlavor=0x2f6d064*=0) returned 0x0 [0278.117] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.118] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.118] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.118] IWbemClassObject:Get (in: This=0x9b9c50, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d164*=0, plFlavor=0x2f6d168*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x2f6d164*=8, plFlavor=0x2f6d168*=0) returned 0x0 [0278.118] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0278.118] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0278.118] IWbemClassObject:Get (in: This=0x9b9c50, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d164*=8, plFlavor=0x2f6d168*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="leechftp.exe", varVal2=0x0), pType=0x2f6d164*=8, plFlavor=0x2f6d168*=0) returned 0x0 [0278.118] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0278.118] SysStringByteLen (bstr="leechftp.exe") returned 0x18 [0278.118] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.118] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.118] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.118] IWbemClassObject:Get (in: This=0x9b9c50, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d2a8*=0, plFlavor=0x2f6d2ac*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ", varVal2=0x0), pType=0x2f6d2a8*=8, plFlavor=0x2f6d2ac*=0) returned 0x0 [0278.118] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ") returned 0x62 [0278.118] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ") returned 0x62 [0278.118] IWbemClassObject:Get (in: This=0x9b9c50, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6d2a8*=8, plFlavor=0x2f6d2ac*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ", varVal2=0x0), pType=0x2f6d2a8*=8, plFlavor=0x2f6d2ac*=0) returned 0x0 [0278.119] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ") returned 0x62 [0278.119] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender\\leechftp.exe\" ") returned 0x62 [0278.119] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0278.119] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9ba5e0, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.257] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba5e0) returned 0x0 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.258] IUnknown:AddRef (This=0x9ba5e0) returned 0x3 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.258] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba5e4) returned 0x0 [0278.259] IMarshal:GetUnmarshalClass (in: This=0x9ba5e4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.259] IUnknown:Release (This=0x9ba5e4) returned 0x3 [0278.259] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.259] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.259] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.259] IUnknown:Release (This=0x9ba5e0) returned 0x2 [0278.259] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.259] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.259] IUnknown:QueryInterface (in: This=0x9ba5e0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba5e0) returned 0x0 [0278.259] IUnknown:AddRef (This=0x9ba5e0) returned 0x4 [0278.259] IUnknown:Release (This=0x9ba5e0) returned 0x3 [0278.259] IUnknown:Release (This=0x9ba5e0) returned 0x2 [0278.259] CoTaskMemFree (pv=0x989e20) [0278.259] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.259] IUnknown:AddRef (This=0x9ba5e0) returned 0x3 [0278.260] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.260] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5532\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.260] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5532\"") returned 0x66 [0278.260] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5532\"") returned 0x66 [0278.260] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.260] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.261] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.261] IUnknown:Release (This=0x968724) returned 0x1 [0278.266] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0278.266] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.266] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf7c0) returned 0x0 [0278.267] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0278.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf7c0) returned 0x0 [0278.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.268] WbemDefPath:IUnknown:AddRef (This=0x9bf7c0) returned 0x3 [0278.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c3b58) returned 0x0 [0278.268] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c3b58, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.268] WbemDefPath:IUnknown:Release (This=0x9c3b58) returned 0x3 [0278.268] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.268] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.268] WbemDefPath:IUnknown:Release (This=0x9bf7c0) returned 0x2 [0278.268] WbemDefPath:IUnknown:Release (This=0x9bf7c0) returned 0x1 [0278.268] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.268] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf7c0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf7c0) returned 0x0 [0278.269] WbemDefPath:IUnknown:AddRef (This=0x9bf7c0) returned 0x3 [0278.269] WbemDefPath:IUnknown:Release (This=0x9bf7c0) returned 0x2 [0278.269] WbemDefPath:IWbemPath:SetText (This=0x9bf7c0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5532\"") returned 0x0 [0278.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.270] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6dcfc*=0, plFlavor=0x2f6dd00*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x159c, varVal2=0x0), pType=0x2f6dcfc*=19, plFlavor=0x2f6dd00*=0) returned 0x0 [0278.270] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6dcfc*=19, plFlavor=0x2f6dd00*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x159c, varVal2=0x0), pType=0x2f6dcfc*=19, plFlavor=0x2f6dd00*=0) returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.271] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6de00*=0, plFlavor=0x2f6de04*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="seek raise want.exe", varVal2=0x0), pType=0x2f6de00*=8, plFlavor=0x2f6de04*=0) returned 0x0 [0278.271] SysStringByteLen (bstr="seek raise want.exe") returned 0x26 [0278.271] SysStringByteLen (bstr="seek raise want.exe") returned 0x26 [0278.271] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6de00*=8, plFlavor=0x2f6de04*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="seek raise want.exe", varVal2=0x0), pType=0x2f6de00*=8, plFlavor=0x2f6de04*=0) returned 0x0 [0278.271] SysStringByteLen (bstr="seek raise want.exe") returned 0x26 [0278.271] SysStringByteLen (bstr="seek raise want.exe") returned 0x26 [0278.271] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.271] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.271] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.271] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6df5c*=0, plFlavor=0x2f6df60*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ", varVal2=0x0), pType=0x2f6df5c*=8, plFlavor=0x2f6df60*=0) returned 0x0 [0278.271] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ") returned 0x68 [0278.271] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ") returned 0x68 [0278.272] IWbemClassObject:Get (in: This=0x9ba5e0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6df5c*=8, plFlavor=0x2f6df60*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ", varVal2=0x0), pType=0x2f6df5c*=8, plFlavor=0x2f6df60*=0) returned 0x0 [0278.272] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ") returned 0x68 [0278.272] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\seek raise want.exe\" ") returned 0x68 [0278.272] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.272] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9b9de8, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b9de8) returned 0x0 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.274] IUnknown:AddRef (This=0x9b9de8) returned 0x3 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.274] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b9dec) returned 0x0 [0278.274] IMarshal:GetUnmarshalClass (in: This=0x9b9dec, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.274] IUnknown:Release (This=0x9b9dec) returned 0x3 [0278.275] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.275] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.275] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.275] IUnknown:Release (This=0x9b9de8) returned 0x2 [0278.275] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.275] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.275] IUnknown:QueryInterface (in: This=0x9b9de8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b9de8) returned 0x0 [0278.275] IUnknown:AddRef (This=0x9b9de8) returned 0x4 [0278.275] IUnknown:Release (This=0x9b9de8) returned 0x3 [0278.275] IUnknown:Release (This=0x9b9de8) returned 0x2 [0278.275] CoTaskMemFree (pv=0x989d20) [0278.275] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.275] IUnknown:AddRef (This=0x9b9de8) returned 0x3 [0278.275] IWbemClassObject:Get (in: This=0x9b9de8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.276] IWbemClassObject:Get (in: This=0x9b9de8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5544\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.276] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5544\"") returned 0x66 [0278.276] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5544\"") returned 0x66 [0278.276] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.276] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.276] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.276] IUnknown:Release (This=0x968724) returned 0x1 [0278.279] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cb0) returned 0x0 [0278.279] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cb0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.279] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cb0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf9f0) returned 0x0 [0278.279] WbemDefPath:IUnknown:Release (This=0x989cb0) returned 0x0 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf9f0) returned 0x0 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.280] WbemDefPath:IUnknown:AddRef (This=0x9bf9f0) returned 0x3 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.280] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c38d0) returned 0x0 [0278.280] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c38d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.280] WbemDefPath:IUnknown:Release (This=0x9c38d0) returned 0x3 [0278.280] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.280] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.281] WbemDefPath:IUnknown:Release (This=0x9bf9f0) returned 0x2 [0278.281] WbemDefPath:IUnknown:Release (This=0x9bf9f0) returned 0x1 [0278.281] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.281] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.281] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf9f0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf9f0) returned 0x0 [0278.281] WbemDefPath:IUnknown:AddRef (This=0x9bf9f0) returned 0x3 [0278.281] WbemDefPath:IUnknown:Release (This=0x9bf9f0) returned 0x2 [0278.281] WbemDefPath:IWbemPath:SetText (This=0x9bf9f0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5544\"") returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.281] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.281] IWbemClassObject:Get (in: This=0x9b9de8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6e9e0*=0, plFlavor=0x2f6e9e4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15a8, varVal2=0x0), pType=0x2f6e9e0*=19, plFlavor=0x2f6e9e4*=0) returned 0x0 [0278.282] IWbemClassObject:Get (in: This=0x9b9de8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6e9e0*=19, plFlavor=0x2f6e9e4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15a8, varVal2=0x0), pType=0x2f6e9e0*=19, plFlavor=0x2f6e9e4*=0) returned 0x0 [0278.282] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.282] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.282] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.282] IWbemClassObject:Get (in: This=0x9b9de8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6eae4*=0, plFlavor=0x2f6eae8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x2f6eae4*=8, plFlavor=0x2f6eae8*=0) returned 0x0 [0278.282] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0278.282] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0278.282] IWbemClassObject:Get (in: This=0x9b9de8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6eae4*=8, plFlavor=0x2f6eae8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="alftp.exe", varVal2=0x0), pType=0x2f6eae4*=8, plFlavor=0x2f6eae8*=0) returned 0x0 [0278.283] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0278.283] SysStringByteLen (bstr="alftp.exe") returned 0x12 [0278.283] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.283] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.283] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.283] IWbemClassObject:Get (in: This=0x9b9de8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6ec18*=0, plFlavor=0x2f6ec1c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ", varVal2=0x0), pType=0x2f6ec18*=8, plFlavor=0x2f6ec1c*=0) returned 0x0 [0278.283] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ") returned 0x6a [0278.283] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ") returned 0x6a [0278.283] IWbemClassObject:Get (in: This=0x9b9de8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6ec18*=8, plFlavor=0x2f6ec1c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ", varVal2=0x0), pType=0x2f6ec18*=8, plFlavor=0x2f6ec1c*=0) returned 0x0 [0278.283] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ") returned 0x6a [0278.283] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\alftp.exe\" ") returned 0x6a [0278.283] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.283] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9b9f80, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.501] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9b9f80) returned 0x0 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.502] IUnknown:AddRef (This=0x9b9f80) returned 0x3 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.502] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9b9f84) returned 0x0 [0278.503] IMarshal:GetUnmarshalClass (in: This=0x9b9f84, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.503] IUnknown:Release (This=0x9b9f84) returned 0x3 [0278.503] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.503] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.503] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.503] IUnknown:Release (This=0x9b9f80) returned 0x2 [0278.503] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.503] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.503] IUnknown:QueryInterface (in: This=0x9b9f80, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9b9f80) returned 0x0 [0278.503] IUnknown:AddRef (This=0x9b9f80) returned 0x4 [0278.503] IUnknown:Release (This=0x9b9f80) returned 0x3 [0278.503] IUnknown:Release (This=0x9b9f80) returned 0x2 [0278.503] CoTaskMemFree (pv=0x989d20) [0278.503] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.503] IUnknown:AddRef (This=0x9b9f80) returned 0x3 [0278.504] IWbemClassObject:Get (in: This=0x9b9f80, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.504] IWbemClassObject:Get (in: This=0x9b9f80, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5576\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.504] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5576\"") returned 0x66 [0278.504] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5576\"") returned 0x66 [0278.504] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.504] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.504] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.505] IUnknown:Release (This=0x968724) returned 0x1 [0278.506] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d20) returned 0x0 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.507] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bfa60) returned 0x0 [0278.507] WbemDefPath:IUnknown:Release (This=0x989d20) returned 0x0 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bfa60) returned 0x0 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.507] WbemDefPath:IUnknown:AddRef (This=0x9bfa60) returned 0x3 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c3e58) returned 0x0 [0278.508] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c3e58, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.508] WbemDefPath:IUnknown:Release (This=0x9c3e58) returned 0x3 [0278.508] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.508] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.508] WbemDefPath:IUnknown:Release (This=0x9bfa60) returned 0x2 [0278.508] WbemDefPath:IUnknown:Release (This=0x9bfa60) returned 0x1 [0278.508] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.508] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfa60, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bfa60) returned 0x0 [0278.508] WbemDefPath:IUnknown:AddRef (This=0x9bfa60) returned 0x3 [0278.508] WbemDefPath:IUnknown:Release (This=0x9bfa60) returned 0x2 [0278.508] WbemDefPath:IWbemPath:SetText (This=0x9bfa60, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5576\"") returned 0x0 [0278.508] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.508] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.508] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.508] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.509] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.509] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.509] IWbemClassObject:Get (in: This=0x9b9f80, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f67c*=0, plFlavor=0x2f6f680*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15c8, varVal2=0x0), pType=0x2f6f67c*=19, plFlavor=0x2f6f680*=0) returned 0x0 [0278.509] IWbemClassObject:Get (in: This=0x9b9f80, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f67c*=19, plFlavor=0x2f6f680*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15c8, varVal2=0x0), pType=0x2f6f67c*=19, plFlavor=0x2f6f680*=0) returned 0x0 [0278.509] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.509] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.509] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.509] IWbemClassObject:Get (in: This=0x9b9f80, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f780*=0, plFlavor=0x2f6f784*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x2f6f780*=8, plFlavor=0x2f6f784*=0) returned 0x0 [0278.510] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0278.510] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0278.510] IWbemClassObject:Get (in: This=0x9b9f80, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f780*=8, plFlavor=0x2f6f784*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ncftp.exe", varVal2=0x0), pType=0x2f6f780*=8, plFlavor=0x2f6f784*=0) returned 0x0 [0278.510] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0278.510] SysStringByteLen (bstr="ncftp.exe") returned 0x12 [0278.510] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.510] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.510] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.510] IWbemClassObject:Get (in: This=0x9b9f80, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f8b4*=0, plFlavor=0x2f6f8b8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ", varVal2=0x0), pType=0x2f6f8b4*=8, plFlavor=0x2f6f8b8*=0) returned 0x0 [0278.510] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ") returned 0x60 [0278.510] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ") returned 0x60 [0278.510] IWbemClassObject:Get (in: This=0x9b9f80, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f6f8b4*=8, plFlavor=0x2f6f8b8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ", varVal2=0x0), pType=0x2f6f8b4*=8, plFlavor=0x2f6f8b8*=0) returned 0x0 [0278.510] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ") returned 0x60 [0278.510] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\ncftp.exe\" ") returned 0x60 [0278.511] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0278.511] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9ba448, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.561] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba448) returned 0x0 [0278.561] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.561] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.561] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.562] IUnknown:AddRef (This=0x9ba448) returned 0x3 [0278.562] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.562] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.562] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba44c) returned 0x0 [0278.562] IMarshal:GetUnmarshalClass (in: This=0x9ba44c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.562] IUnknown:Release (This=0x9ba44c) returned 0x3 [0278.562] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.562] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.562] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.562] IUnknown:Release (This=0x9ba448) returned 0x2 [0278.562] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.562] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.562] IUnknown:QueryInterface (in: This=0x9ba448, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba448) returned 0x0 [0278.563] IUnknown:AddRef (This=0x9ba448) returned 0x4 [0278.563] IUnknown:Release (This=0x9ba448) returned 0x3 [0278.563] IUnknown:Release (This=0x9ba448) returned 0x2 [0278.563] CoTaskMemFree (pv=0x989c90) [0278.563] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.563] IUnknown:AddRef (This=0x9ba448) returned 0x3 [0278.563] IWbemClassObject:Get (in: This=0x9ba448, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.563] IWbemClassObject:Get (in: This=0x9ba448, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5584\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.564] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5584\"") returned 0x66 [0278.564] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5584\"") returned 0x66 [0278.564] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.564] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.564] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.564] IUnknown:Release (This=0x968724) returned 0x1 [0278.566] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d20) returned 0x0 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.567] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bef00) returned 0x0 [0278.567] WbemDefPath:IUnknown:Release (This=0x989d20) returned 0x0 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bef00) returned 0x0 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.567] WbemDefPath:IUnknown:AddRef (This=0x9bef00) returned 0x3 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.567] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c3fd8) returned 0x0 [0278.568] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c3fd8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.568] WbemDefPath:IUnknown:Release (This=0x9c3fd8) returned 0x3 [0278.568] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.568] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.568] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.568] WbemDefPath:IUnknown:Release (This=0x9bef00) returned 0x2 [0278.568] WbemDefPath:IUnknown:Release (This=0x9bef00) returned 0x1 [0278.568] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.568] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.568] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bef00, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bef00) returned 0x0 [0278.568] WbemDefPath:IUnknown:AddRef (This=0x9bef00) returned 0x3 [0278.568] WbemDefPath:IUnknown:Release (This=0x9bef00) returned 0x2 [0278.568] WbemDefPath:IWbemPath:SetText (This=0x9bef00, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5584\"") returned 0x0 [0278.568] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.568] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.568] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.569] IWbemClassObject:Get (in: This=0x9ba448, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7030c*=0, plFlavor=0x2f70310*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15d0, varVal2=0x0), pType=0x2f7030c*=19, plFlavor=0x2f70310*=0) returned 0x0 [0278.569] IWbemClassObject:Get (in: This=0x9ba448, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7030c*=19, plFlavor=0x2f70310*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15d0, varVal2=0x0), pType=0x2f7030c*=19, plFlavor=0x2f70310*=0) returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.569] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.569] IWbemClassObject:Get (in: This=0x9ba448, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f70410*=0, plFlavor=0x2f70414*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="developrest.exe", varVal2=0x0), pType=0x2f70410*=8, plFlavor=0x2f70414*=0) returned 0x0 [0278.570] SysStringByteLen (bstr="developrest.exe") returned 0x1e [0278.570] SysStringByteLen (bstr="developrest.exe") returned 0x1e [0278.570] IWbemClassObject:Get (in: This=0x9ba448, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f70410*=8, plFlavor=0x2f70414*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="developrest.exe", varVal2=0x0), pType=0x2f70410*=8, plFlavor=0x2f70414*=0) returned 0x0 [0278.570] SysStringByteLen (bstr="developrest.exe") returned 0x1e [0278.570] SysStringByteLen (bstr="developrest.exe") returned 0x1e [0278.570] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.570] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.570] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.570] IWbemClassObject:Get (in: This=0x9ba448, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7055c*=0, plFlavor=0x2f70560*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ", varVal2=0x0), pType=0x2f7055c*=8, plFlavor=0x2f70560*=0) returned 0x0 [0278.570] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ") returned 0x8a [0278.570] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ") returned 0x8a [0278.570] IWbemClassObject:Get (in: This=0x9ba448, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7055c*=8, plFlavor=0x2f70560*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ", varVal2=0x0), pType=0x2f7055c*=8, plFlavor=0x2f70560*=0) returned 0x0 [0278.570] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ") returned 0x8a [0278.571] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\developrest.exe\" ") returned 0x8a [0278.571] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0278.571] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9ba778, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.573] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9ba778) returned 0x0 [0278.573] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.573] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.573] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.574] IUnknown:AddRef (This=0x9ba778) returned 0x3 [0278.574] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.575] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.575] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9ba77c) returned 0x0 [0278.575] IMarshal:GetUnmarshalClass (in: This=0x9ba77c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.575] IUnknown:Release (This=0x9ba77c) returned 0x3 [0278.575] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.575] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.575] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.575] IUnknown:Release (This=0x9ba778) returned 0x2 [0278.575] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.575] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.575] IUnknown:QueryInterface (in: This=0x9ba778, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9ba778) returned 0x0 [0278.575] IUnknown:AddRef (This=0x9ba778) returned 0x4 [0278.575] IUnknown:Release (This=0x9ba778) returned 0x3 [0278.575] IUnknown:Release (This=0x9ba778) returned 0x2 [0278.575] CoTaskMemFree (pv=0x989e20) [0278.576] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.576] IUnknown:AddRef (This=0x9ba778) returned 0x3 [0278.576] IWbemClassObject:Get (in: This=0x9ba778, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.576] IWbemClassObject:Get (in: This=0x9ba778, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5604\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.576] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5604\"") returned 0x66 [0278.576] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5604\"") returned 0x66 [0278.576] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.577] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.577] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.577] IUnknown:Release (This=0x968724) returned 0x1 [0278.579] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0278.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.579] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf130) returned 0x0 [0278.579] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0278.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf130) returned 0x0 [0278.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.579] WbemDefPath:IUnknown:AddRef (This=0x9bf130) returned 0x3 [0278.579] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c3f48) returned 0x0 [0278.580] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c3f48, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.580] WbemDefPath:IUnknown:Release (This=0x9c3f48) returned 0x3 [0278.580] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.580] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.580] WbemDefPath:IUnknown:Release (This=0x9bf130) returned 0x2 [0278.580] WbemDefPath:IUnknown:Release (This=0x9bf130) returned 0x1 [0278.580] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.580] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.580] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf130, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf130) returned 0x0 [0278.580] WbemDefPath:IUnknown:AddRef (This=0x9bf130) returned 0x3 [0278.580] WbemDefPath:IUnknown:Release (This=0x9bf130) returned 0x2 [0278.580] WbemDefPath:IWbemPath:SetText (This=0x9bf130, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5604\"") returned 0x0 [0278.580] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.580] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.581] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.581] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.581] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.581] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.581] IWbemClassObject:Get (in: This=0x9ba778, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7102c*=0, plFlavor=0x2f71030*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15e4, varVal2=0x0), pType=0x2f7102c*=19, plFlavor=0x2f71030*=0) returned 0x0 [0278.582] IWbemClassObject:Get (in: This=0x9ba778, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7102c*=19, plFlavor=0x2f71030*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15e4, varVal2=0x0), pType=0x2f7102c*=19, plFlavor=0x2f71030*=0) returned 0x0 [0278.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.582] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.582] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.582] IWbemClassObject:Get (in: This=0x9ba778, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71130*=0, plFlavor=0x2f71134*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x2f71130*=8, plFlavor=0x2f71134*=0) returned 0x0 [0278.582] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0278.582] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0278.582] IWbemClassObject:Get (in: This=0x9ba778, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71130*=8, plFlavor=0x2f71134*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="whatsapp.exe", varVal2=0x0), pType=0x2f71130*=8, plFlavor=0x2f71134*=0) returned 0x0 [0278.582] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0278.582] SysStringByteLen (bstr="whatsapp.exe") returned 0x18 [0278.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.583] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.583] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.583] IWbemClassObject:Get (in: This=0x9ba778, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71274*=0, plFlavor=0x2f71278*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ", varVal2=0x0), pType=0x2f71274*=8, plFlavor=0x2f71278*=0) returned 0x0 [0278.583] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ") returned 0x68 [0278.583] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ") returned 0x68 [0278.583] IWbemClassObject:Get (in: This=0x9ba778, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71274*=8, plFlavor=0x2f71278*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ", varVal2=0x0), pType=0x2f71274*=8, plFlavor=0x2f71278*=0) returned 0x0 [0278.583] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ") returned 0x68 [0278.583] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe\" ") returned 0x68 [0278.583] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0278.583] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9c83f0, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.585] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c83f0) returned 0x0 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.586] IUnknown:AddRef (This=0x9c83f0) returned 0x3 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.586] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c83f4) returned 0x0 [0278.586] IMarshal:GetUnmarshalClass (in: This=0x9c83f4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.586] IUnknown:Release (This=0x9c83f4) returned 0x3 [0278.586] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.587] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.587] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.587] IUnknown:Release (This=0x9c83f0) returned 0x2 [0278.587] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.587] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.587] IUnknown:QueryInterface (in: This=0x9c83f0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c83f0) returned 0x0 [0278.587] IUnknown:AddRef (This=0x9c83f0) returned 0x4 [0278.587] IUnknown:Release (This=0x9c83f0) returned 0x3 [0278.587] IUnknown:Release (This=0x9c83f0) returned 0x2 [0278.587] CoTaskMemFree (pv=0x989d90) [0278.587] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.587] IUnknown:AddRef (This=0x9c83f0) returned 0x3 [0278.587] IWbemClassObject:Get (in: This=0x9c83f0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.588] IWbemClassObject:Get (in: This=0x9c83f0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5612\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.588] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5612\"") returned 0x66 [0278.588] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5612\"") returned 0x66 [0278.588] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.588] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.588] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.588] IUnknown:Release (This=0x968724) returned 0x1 [0278.591] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989da0) returned 0x0 [0278.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x989da0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.591] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989da0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9befe0) returned 0x0 [0278.591] WbemDefPath:IUnknown:Release (This=0x989da0) returned 0x0 [0278.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9befe0) returned 0x0 [0278.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.591] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.592] WbemDefPath:IUnknown:AddRef (This=0x9befe0) returned 0x3 [0278.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c4260) returned 0x0 [0278.592] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c4260, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.592] WbemDefPath:IUnknown:Release (This=0x9c4260) returned 0x3 [0278.592] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.592] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.592] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.592] WbemDefPath:IUnknown:Release (This=0x9befe0) returned 0x2 [0278.592] WbemDefPath:IUnknown:Release (This=0x9befe0) returned 0x1 [0278.592] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.593] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x9befe0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9befe0) returned 0x0 [0278.593] WbemDefPath:IUnknown:AddRef (This=0x9befe0) returned 0x3 [0278.593] WbemDefPath:IUnknown:Release (This=0x9befe0) returned 0x2 [0278.593] WbemDefPath:IWbemPath:SetText (This=0x9befe0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5612\"") returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.593] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.593] IWbemClassObject:Get (in: This=0x9c83f0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71cdc*=0, plFlavor=0x2f71ce0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15ec, varVal2=0x0), pType=0x2f71cdc*=19, plFlavor=0x2f71ce0*=0) returned 0x0 [0278.594] IWbemClassObject:Get (in: This=0x9c83f0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71cdc*=19, plFlavor=0x2f71ce0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15ec, varVal2=0x0), pType=0x2f71cdc*=19, plFlavor=0x2f71ce0*=0) returned 0x0 [0278.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.594] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.594] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.594] IWbemClassObject:Get (in: This=0x9c83f0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71de0*=0, plFlavor=0x2f71de4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x2f71de0*=8, plFlavor=0x2f71de4*=0) returned 0x0 [0278.594] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0278.594] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0278.594] IWbemClassObject:Get (in: This=0x9c83f0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71de0*=8, plFlavor=0x2f71de4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="yahoomessenger.exe", varVal2=0x0), pType=0x2f71de0*=8, plFlavor=0x2f71de4*=0) returned 0x0 [0278.594] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0278.594] SysStringByteLen (bstr="yahoomessenger.exe") returned 0x24 [0278.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.595] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.595] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.595] IWbemClassObject:Get (in: This=0x9c83f0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71f3c*=0, plFlavor=0x2f71f40*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ", varVal2=0x0), pType=0x2f71f3c*=8, plFlavor=0x2f71f40*=0) returned 0x0 [0278.595] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ") returned 0xa4 [0278.596] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ") returned 0xa4 [0278.596] IWbemClassObject:Get (in: This=0x9c83f0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f71f3c*=8, plFlavor=0x2f71f40*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ", varVal2=0x0), pType=0x2f71f3c*=8, plFlavor=0x2f71f40*=0) returned 0x0 [0278.596] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ") returned 0xa4 [0278.596] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\yahoomessenger.exe\" ") returned 0xa4 [0278.596] CoTaskMemAlloc (cb=0x4) returned 0x989db0 [0278.596] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989db0, puReturned=0x2f500f0 | out: apObjects=0x989db0*=0x9c8258, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.691] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8258) returned 0x0 [0278.691] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.691] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.691] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.692] IUnknown:AddRef (This=0x9c8258) returned 0x3 [0278.692] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.692] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.692] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c825c) returned 0x0 [0278.692] IMarshal:GetUnmarshalClass (in: This=0x9c825c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.692] IUnknown:Release (This=0x9c825c) returned 0x3 [0278.692] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.692] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.692] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.692] IUnknown:Release (This=0x9c8258) returned 0x2 [0278.692] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.692] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.692] IUnknown:QueryInterface (in: This=0x9c8258, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8258) returned 0x0 [0278.692] IUnknown:AddRef (This=0x9c8258) returned 0x4 [0278.692] IUnknown:Release (This=0x9c8258) returned 0x3 [0278.693] IUnknown:Release (This=0x9c8258) returned 0x2 [0278.693] CoTaskMemFree (pv=0x989db0) [0278.693] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.693] IUnknown:AddRef (This=0x9c8258) returned 0x3 [0278.693] IWbemClassObject:Get (in: This=0x9c8258, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.693] IWbemClassObject:Get (in: This=0x9c8258, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5628\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.693] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5628\"") returned 0x66 [0278.693] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5628\"") returned 0x66 [0278.694] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.694] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.694] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.694] IUnknown:Release (This=0x968724) returned 0x1 [0278.696] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0278.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.696] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf210) returned 0x0 [0278.696] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0278.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf210) returned 0x0 [0278.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.696] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.697] WbemDefPath:IUnknown:AddRef (This=0x9bf210) returned 0x3 [0278.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c4338) returned 0x0 [0278.697] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c4338, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.697] WbemDefPath:IUnknown:Release (This=0x9c4338) returned 0x3 [0278.697] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.697] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.697] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.697] WbemDefPath:IUnknown:Release (This=0x9bf210) returned 0x2 [0278.697] WbemDefPath:IUnknown:Release (This=0x9bf210) returned 0x1 [0278.697] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.698] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.698] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf210, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf210) returned 0x0 [0278.698] WbemDefPath:IUnknown:AddRef (This=0x9bf210) returned 0x3 [0278.698] WbemDefPath:IUnknown:Release (This=0x9bf210) returned 0x2 [0278.698] WbemDefPath:IWbemPath:SetText (This=0x9bf210, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5628\"") returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.698] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.698] IWbemClassObject:Get (in: This=0x9c8258, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72a70*=0, plFlavor=0x2f72a74*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15fc, varVal2=0x0), pType=0x2f72a70*=19, plFlavor=0x2f72a74*=0) returned 0x0 [0278.698] IWbemClassObject:Get (in: This=0x9c8258, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72a70*=19, plFlavor=0x2f72a74*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x15fc, varVal2=0x0), pType=0x2f72a70*=19, plFlavor=0x2f72a74*=0) returned 0x0 [0278.700] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.700] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.700] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.700] IWbemClassObject:Get (in: This=0x9c8258, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72b74*=0, plFlavor=0x2f72b78*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x2f72b74*=8, plFlavor=0x2f72b78*=0) returned 0x0 [0278.700] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0278.700] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0278.700] IWbemClassObject:Get (in: This=0x9c8258, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72b74*=8, plFlavor=0x2f72b78*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="bitkinex.exe", varVal2=0x0), pType=0x2f72b74*=8, plFlavor=0x2f72b78*=0) returned 0x0 [0278.700] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0278.700] SysStringByteLen (bstr="bitkinex.exe") returned 0x18 [0278.700] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.700] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.700] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.700] IWbemClassObject:Get (in: This=0x9c8258, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72cb8*=0, plFlavor=0x2f72cbc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ", varVal2=0x0), pType=0x2f72cb8*=8, plFlavor=0x2f72cbc*=0) returned 0x0 [0278.700] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ") returned 0x66 [0278.701] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ") returned 0x66 [0278.701] IWbemClassObject:Get (in: This=0x9c8258, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f72cb8*=8, plFlavor=0x2f72cbc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ", varVal2=0x0), pType=0x2f72cb8*=8, plFlavor=0x2f72cbc*=0) returned 0x0 [0278.701] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ") returned 0x66 [0278.701] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\bitkinex.exe\" ") returned 0x66 [0278.701] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0278.701] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9c9a40, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.702] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9a40) returned 0x0 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.703] IUnknown:AddRef (This=0x9c9a40) returned 0x3 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c9a44) returned 0x0 [0278.703] IMarshal:GetUnmarshalClass (in: This=0x9c9a44, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.703] IUnknown:Release (This=0x9c9a44) returned 0x3 [0278.703] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.703] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.703] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.704] IUnknown:Release (This=0x9c9a40) returned 0x2 [0278.704] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.704] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.704] IUnknown:QueryInterface (in: This=0x9c9a40, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9a40) returned 0x0 [0278.704] IUnknown:AddRef (This=0x9c9a40) returned 0x4 [0278.704] IUnknown:Release (This=0x9c9a40) returned 0x3 [0278.704] IUnknown:Release (This=0x9c9a40) returned 0x2 [0278.704] CoTaskMemFree (pv=0x989d90) [0278.704] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.704] IUnknown:AddRef (This=0x9c9a40) returned 0x3 [0278.704] IWbemClassObject:Get (in: This=0x9c9a40, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.705] IWbemClassObject:Get (in: This=0x9c9a40, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5772\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.705] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5772\"") returned 0x66 [0278.705] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5772\"") returned 0x66 [0278.705] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.705] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.705] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.705] IUnknown:Release (This=0x968724) returned 0x1 [0278.707] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0278.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.707] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf2f0) returned 0x0 [0278.707] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf2f0) returned 0x0 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.708] WbemDefPath:IUnknown:AddRef (This=0x9bf2f0) returned 0x3 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.708] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c44a0) returned 0x0 [0278.708] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c44a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.708] WbemDefPath:IUnknown:Release (This=0x9c44a0) returned 0x3 [0278.708] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.708] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.709] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.709] WbemDefPath:IUnknown:Release (This=0x9bf2f0) returned 0x2 [0278.709] WbemDefPath:IUnknown:Release (This=0x9bf2f0) returned 0x1 [0278.709] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.709] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.709] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf2f0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf2f0) returned 0x0 [0278.709] WbemDefPath:IUnknown:AddRef (This=0x9bf2f0) returned 0x3 [0278.709] WbemDefPath:IUnknown:Release (This=0x9bf2f0) returned 0x2 [0278.709] WbemDefPath:IWbemPath:SetText (This=0x9bf2f0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5772\"") returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.709] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.709] IWbemClassObject:Get (in: This=0x9c9a40, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f73718*=0, plFlavor=0x2f7371c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x168c, varVal2=0x0), pType=0x2f73718*=19, plFlavor=0x2f7371c*=0) returned 0x0 [0278.710] IWbemClassObject:Get (in: This=0x9c9a40, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f73718*=19, plFlavor=0x2f7371c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x168c, varVal2=0x0), pType=0x2f73718*=19, plFlavor=0x2f7371c*=0) returned 0x0 [0278.710] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.710] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.710] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.710] IWbemClassObject:Get (in: This=0x9c9a40, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7381c*=0, plFlavor=0x2f73820*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x2f7381c*=8, plFlavor=0x2f73820*=0) returned 0x0 [0278.710] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0278.710] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0278.710] IWbemClassObject:Get (in: This=0x9c9a40, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7381c*=8, plFlavor=0x2f73820*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="coreftp.exe", varVal2=0x0), pType=0x2f7381c*=8, plFlavor=0x2f73820*=0) returned 0x0 [0278.710] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0278.710] SysStringByteLen (bstr="coreftp.exe") returned 0x16 [0278.711] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.711] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.711] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.711] IWbemClassObject:Get (in: This=0x9c9a40, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f73958*=0, plFlavor=0x2f7395c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ", varVal2=0x0), pType=0x2f73958*=8, plFlavor=0x2f7395c*=0) returned 0x0 [0278.711] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ") returned 0x6e [0278.711] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ") returned 0x6e [0278.711] IWbemClassObject:Get (in: This=0x9c9a40, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f73958*=8, plFlavor=0x2f7395c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ", varVal2=0x0), pType=0x2f73958*=8, plFlavor=0x2f7395c*=0) returned 0x0 [0278.711] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ") returned 0x6e [0278.711] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Internet Explorer\\coreftp.exe\" ") returned 0x6e [0278.711] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.711] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9c8f18, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8f18) returned 0x0 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.713] IUnknown:AddRef (This=0x9c8f18) returned 0x3 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.713] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c8f1c) returned 0x0 [0278.714] IMarshal:GetUnmarshalClass (in: This=0x9c8f1c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.714] IUnknown:Release (This=0x9c8f1c) returned 0x3 [0278.714] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.714] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.714] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.714] IUnknown:Release (This=0x9c8f18) returned 0x2 [0278.714] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.714] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.714] IUnknown:QueryInterface (in: This=0x9c8f18, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8f18) returned 0x0 [0278.714] IUnknown:AddRef (This=0x9c8f18) returned 0x4 [0278.714] IUnknown:Release (This=0x9c8f18) returned 0x3 [0278.714] IUnknown:Release (This=0x9c8f18) returned 0x2 [0278.714] CoTaskMemFree (pv=0x989d20) [0278.715] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.715] IUnknown:AddRef (This=0x9c8f18) returned 0x3 [0278.715] IWbemClassObject:Get (in: This=0x9c8f18, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.716] IWbemClassObject:Get (in: This=0x9c8f18, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5780\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.716] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5780\"") returned 0x66 [0278.716] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5780\"") returned 0x66 [0278.716] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.716] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.716] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.716] IUnknown:Release (This=0x968724) returned 0x1 [0278.719] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0278.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.719] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf3d0) returned 0x0 [0278.719] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0278.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf3d0) returned 0x0 [0278.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.719] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.720] WbemDefPath:IUnknown:AddRef (This=0x9bf3d0) returned 0x3 [0278.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c45c0) returned 0x0 [0278.720] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c45c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.720] WbemDefPath:IUnknown:Release (This=0x9c45c0) returned 0x3 [0278.720] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.720] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.720] WbemDefPath:IUnknown:Release (This=0x9bf3d0) returned 0x2 [0278.720] WbemDefPath:IUnknown:Release (This=0x9bf3d0) returned 0x1 [0278.720] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.720] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.720] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf3d0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf3d0) returned 0x0 [0278.720] WbemDefPath:IUnknown:AddRef (This=0x9bf3d0) returned 0x3 [0278.720] WbemDefPath:IUnknown:Release (This=0x9bf3d0) returned 0x2 [0278.720] WbemDefPath:IWbemPath:SetText (This=0x9bf3d0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5780\"") returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.721] IWbemClassObject:Get (in: This=0x9c8f18, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f743d8*=0, plFlavor=0x2f743dc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1694, varVal2=0x0), pType=0x2f743d8*=19, plFlavor=0x2f743dc*=0) returned 0x0 [0278.721] IWbemClassObject:Get (in: This=0x9c8f18, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f743d8*=19, plFlavor=0x2f743dc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1694, varVal2=0x0), pType=0x2f743d8*=19, plFlavor=0x2f743dc*=0) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.721] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.722] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.722] IWbemClassObject:Get (in: This=0x9c8f18, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f744dc*=0, plFlavor=0x2f744e0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x2f744dc*=8, plFlavor=0x2f744e0*=0) returned 0x0 [0278.722] SysStringByteLen (bstr="far.exe") returned 0xe [0278.722] SysStringByteLen (bstr="far.exe") returned 0xe [0278.722] IWbemClassObject:Get (in: This=0x9c8f18, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f744dc*=8, plFlavor=0x2f744e0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="far.exe", varVal2=0x0), pType=0x2f744dc*=8, plFlavor=0x2f744e0*=0) returned 0x0 [0278.722] SysStringByteLen (bstr="far.exe") returned 0xe [0278.722] SysStringByteLen (bstr="far.exe") returned 0xe [0278.722] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.722] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.722] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.722] IWbemClassObject:Get (in: This=0x9c8f18, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f74608*=0, plFlavor=0x2f7460c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ", varVal2=0x0), pType=0x2f74608*=8, plFlavor=0x2f7460c*=0) returned 0x0 [0278.722] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ") returned 0x5c [0278.722] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ") returned 0x5c [0278.723] IWbemClassObject:Get (in: This=0x9c8f18, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f74608*=8, plFlavor=0x2f7460c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ", varVal2=0x0), pType=0x2f74608*=8, plFlavor=0x2f7460c*=0) returned 0x0 [0278.723] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ") returned 0x5c [0278.723] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Common Files\\far.exe\" ") returned 0x5c [0278.723] CoTaskMemAlloc (cb=0x4) returned 0x989db0 [0278.723] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989db0, puReturned=0x2f500f0 | out: apObjects=0x989db0*=0x9c8720, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.742] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8720) returned 0x0 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.743] IUnknown:AddRef (This=0x9c8720) returned 0x3 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.743] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c8724) returned 0x0 [0278.744] IMarshal:GetUnmarshalClass (in: This=0x9c8724, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.744] IUnknown:Release (This=0x9c8724) returned 0x3 [0278.744] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.744] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.744] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.744] IUnknown:Release (This=0x9c8720) returned 0x2 [0278.744] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.744] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.744] IUnknown:QueryInterface (in: This=0x9c8720, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8720) returned 0x0 [0278.744] IUnknown:AddRef (This=0x9c8720) returned 0x4 [0278.744] IUnknown:Release (This=0x9c8720) returned 0x3 [0278.744] IUnknown:Release (This=0x9c8720) returned 0x2 [0278.744] CoTaskMemFree (pv=0x989db0) [0278.744] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.745] IUnknown:AddRef (This=0x9c8720) returned 0x3 [0278.745] IWbemClassObject:Get (in: This=0x9c8720, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.745] IWbemClassObject:Get (in: This=0x9c8720, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5808\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.745] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5808\"") returned 0x66 [0278.745] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5808\"") returned 0x66 [0278.745] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.746] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.746] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.746] IUnknown:Release (This=0x968724) returned 0x1 [0278.748] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cf0) returned 0x0 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cf0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.749] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cf0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bf4b0) returned 0x0 [0278.749] WbemDefPath:IUnknown:Release (This=0x989cf0) returned 0x0 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bf4b0) returned 0x0 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.749] WbemDefPath:IUnknown:AddRef (This=0x9bf4b0) returned 0x3 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.749] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9c47d0) returned 0x0 [0278.750] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9c47d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.750] WbemDefPath:IUnknown:Release (This=0x9c47d0) returned 0x3 [0278.750] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.750] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.750] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.751] WbemDefPath:IUnknown:Release (This=0x9bf4b0) returned 0x2 [0278.751] WbemDefPath:IUnknown:Release (This=0x9bf4b0) returned 0x1 [0278.751] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.751] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.751] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bf4b0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bf4b0) returned 0x0 [0278.751] WbemDefPath:IUnknown:AddRef (This=0x9bf4b0) returned 0x3 [0278.751] WbemDefPath:IUnknown:Release (This=0x9bf4b0) returned 0x2 [0278.751] WbemDefPath:IWbemPath:SetText (This=0x9bf4b0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5808\"") returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.751] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.751] IWbemClassObject:Get (in: This=0x9c8720, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75044*=0, plFlavor=0x2f75048*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16b0, varVal2=0x0), pType=0x2f75044*=19, plFlavor=0x2f75048*=0) returned 0x0 [0278.752] IWbemClassObject:Get (in: This=0x9c8720, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75044*=19, plFlavor=0x2f75048*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16b0, varVal2=0x0), pType=0x2f75044*=19, plFlavor=0x2f75048*=0) returned 0x0 [0278.752] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.752] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.752] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.752] IWbemClassObject:Get (in: This=0x9c8720, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75148*=0, plFlavor=0x2f7514c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x2f75148*=8, plFlavor=0x2f7514c*=0) returned 0x0 [0278.752] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0278.752] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0278.752] IWbemClassObject:Get (in: This=0x9c8720, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75148*=8, plFlavor=0x2f7514c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="filezilla.exe", varVal2=0x0), pType=0x2f75148*=8, plFlavor=0x2f7514c*=0) returned 0x0 [0278.752] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0278.752] SysStringByteLen (bstr="filezilla.exe") returned 0x1a [0278.753] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.753] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.753] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.753] IWbemClassObject:Get (in: This=0x9c8720, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7528c*=0, plFlavor=0x2f75290*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ", varVal2=0x0), pType=0x2f7528c*=8, plFlavor=0x2f75290*=0) returned 0x0 [0278.753] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ") returned 0x68 [0278.753] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ") returned 0x68 [0278.753] IWbemClassObject:Get (in: This=0x9c8720, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7528c*=8, plFlavor=0x2f75290*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ", varVal2=0x0), pType=0x2f7528c*=8, plFlavor=0x2f75290*=0) returned 0x0 [0278.753] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ") returned 0x68 [0278.753] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Mail\\filezilla.exe\" ") returned 0x68 [0278.753] CoTaskMemAlloc (cb=0x4) returned 0x989cb0 [0278.753] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cb0, puReturned=0x2f500f0 | out: apObjects=0x989cb0*=0x9c88b8, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c88b8) returned 0x0 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.755] IUnknown:AddRef (This=0x9c88b8) returned 0x3 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.755] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c88bc) returned 0x0 [0278.755] IMarshal:GetUnmarshalClass (in: This=0x9c88bc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.755] IUnknown:Release (This=0x9c88bc) returned 0x3 [0278.756] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.756] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.756] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.756] IUnknown:Release (This=0x9c88b8) returned 0x2 [0278.756] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.756] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.756] IUnknown:QueryInterface (in: This=0x9c88b8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c88b8) returned 0x0 [0278.756] IUnknown:AddRef (This=0x9c88b8) returned 0x4 [0278.756] IUnknown:Release (This=0x9c88b8) returned 0x3 [0278.756] IUnknown:Release (This=0x9c88b8) returned 0x2 [0278.756] CoTaskMemFree (pv=0x989cb0) [0278.756] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.756] IUnknown:AddRef (This=0x9c88b8) returned 0x3 [0278.756] IWbemClassObject:Get (in: This=0x9c88b8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.757] IWbemClassObject:Get (in: This=0x9c88b8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5816\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.757] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5816\"") returned 0x66 [0278.757] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5816\"") returned 0x66 [0278.757] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.757] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.757] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.757] IUnknown:Release (This=0x968724) returned 0x1 [0278.759] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0278.759] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.759] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bfc20) returned 0x0 [0278.760] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bfc20) returned 0x0 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.760] WbemDefPath:IUnknown:AddRef (This=0x9bfc20) returned 0x3 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.760] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cb8c0) returned 0x0 [0278.760] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cb8c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.760] WbemDefPath:IUnknown:Release (This=0x9cb8c0) returned 0x3 [0278.760] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.761] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.761] WbemDefPath:IUnknown:Release (This=0x9bfc20) returned 0x2 [0278.761] WbemDefPath:IUnknown:Release (This=0x9bfc20) returned 0x1 [0278.761] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.761] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.761] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc20, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bfc20) returned 0x0 [0278.761] WbemDefPath:IUnknown:AddRef (This=0x9bfc20) returned 0x3 [0278.761] WbemDefPath:IUnknown:Release (This=0x9bfc20) returned 0x2 [0278.761] WbemDefPath:IWbemPath:SetText (This=0x9bfc20, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5816\"") returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.762] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.762] IWbemClassObject:Get (in: This=0x9c88b8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75cf8*=0, plFlavor=0x2f75cfc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16b8, varVal2=0x0), pType=0x2f75cf8*=19, plFlavor=0x2f75cfc*=0) returned 0x0 [0278.763] IWbemClassObject:Get (in: This=0x9c88b8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75cf8*=19, plFlavor=0x2f75cfc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16b8, varVal2=0x0), pType=0x2f75cf8*=19, plFlavor=0x2f75cfc*=0) returned 0x0 [0278.763] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.763] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.763] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.763] IWbemClassObject:Get (in: This=0x9c88b8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75dfc*=0, plFlavor=0x2f75e00*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x2f75dfc*=8, plFlavor=0x2f75e00*=0) returned 0x0 [0278.763] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0278.763] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0278.763] IWbemClassObject:Get (in: This=0x9c88b8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75dfc*=8, plFlavor=0x2f75e00*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="flashfxp.exe", varVal2=0x0), pType=0x2f75dfc*=8, plFlavor=0x2f75e00*=0) returned 0x0 [0278.763] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0278.763] SysStringByteLen (bstr="flashfxp.exe") returned 0x18 [0278.764] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.764] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.764] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.764] IWbemClassObject:Get (in: This=0x9c88b8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75f40*=0, plFlavor=0x2f75f44*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ", varVal2=0x0), pType=0x2f75f40*=8, plFlavor=0x2f75f44*=0) returned 0x0 [0278.764] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ") returned 0x78 [0278.764] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ") returned 0x78 [0278.764] IWbemClassObject:Get (in: This=0x9c88b8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f75f40*=8, plFlavor=0x2f75f44*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ", varVal2=0x0), pType=0x2f75f40*=8, plFlavor=0x2f75f44*=0) returned 0x0 [0278.764] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ") returned 0x78 [0278.764] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\flashfxp.exe\" ") returned 0x78 [0278.765] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0278.765] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9c9d70, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.785] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9d70) returned 0x0 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.786] IUnknown:AddRef (This=0x9c9d70) returned 0x3 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.786] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c9d74) returned 0x0 [0278.787] IMarshal:GetUnmarshalClass (in: This=0x9c9d74, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.787] IUnknown:Release (This=0x9c9d74) returned 0x3 [0278.787] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.787] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.787] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.787] IUnknown:Release (This=0x9c9d70) returned 0x2 [0278.787] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.787] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.787] IUnknown:QueryInterface (in: This=0x9c9d70, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9d70) returned 0x0 [0278.787] IUnknown:AddRef (This=0x9c9d70) returned 0x4 [0278.787] IUnknown:Release (This=0x9c9d70) returned 0x3 [0278.787] IUnknown:Release (This=0x9c9d70) returned 0x2 [0278.787] CoTaskMemFree (pv=0x989c90) [0278.787] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.787] IUnknown:AddRef (This=0x9c9d70) returned 0x3 [0278.788] IWbemClassObject:Get (in: This=0x9c9d70, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.788] IWbemClassObject:Get (in: This=0x9c9d70, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5824\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.788] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5824\"") returned 0x66 [0278.788] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5824\"") returned 0x66 [0278.788] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.788] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.789] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.789] IUnknown:Release (This=0x968724) returned 0x1 [0278.790] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0278.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.791] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9bfc90) returned 0x0 [0278.791] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0278.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9bfc90) returned 0x0 [0278.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.791] WbemDefPath:IUnknown:AddRef (This=0x9bfc90) returned 0x3 [0278.791] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cbbf0) returned 0x0 [0278.792] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cbbf0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.792] WbemDefPath:IUnknown:Release (This=0x9cbbf0) returned 0x3 [0278.792] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.792] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.792] WbemDefPath:IUnknown:Release (This=0x9bfc90) returned 0x2 [0278.792] WbemDefPath:IUnknown:Release (This=0x9bfc90) returned 0x1 [0278.792] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.792] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.792] WbemDefPath:IUnknown:QueryInterface (in: This=0x9bfc90, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9bfc90) returned 0x0 [0278.792] WbemDefPath:IUnknown:AddRef (This=0x9bfc90) returned 0x3 [0278.800] WbemDefPath:IUnknown:Release (This=0x9bfc90) returned 0x2 [0278.800] WbemDefPath:IWbemPath:SetText (This=0x9bfc90, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5824\"") returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.801] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.801] IWbemClassObject:Get (in: This=0x9c9d70, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f769e4*=0, plFlavor=0x2f769e8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16c0, varVal2=0x0), pType=0x2f769e4*=19, plFlavor=0x2f769e8*=0) returned 0x0 [0278.802] IWbemClassObject:Get (in: This=0x9c9d70, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f769e4*=19, plFlavor=0x2f769e8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16c0, varVal2=0x0), pType=0x2f769e4*=19, plFlavor=0x2f769e8*=0) returned 0x0 [0278.802] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.802] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.802] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.802] IWbemClassObject:Get (in: This=0x9c9d70, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f76ae8*=0, plFlavor=0x2f76aec*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x2f76ae8*=8, plFlavor=0x2f76aec*=0) returned 0x0 [0278.802] SysStringByteLen (bstr="fling.exe") returned 0x12 [0278.802] SysStringByteLen (bstr="fling.exe") returned 0x12 [0278.802] IWbemClassObject:Get (in: This=0x9c9d70, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f76ae8*=8, plFlavor=0x2f76aec*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fling.exe", varVal2=0x0), pType=0x2f76ae8*=8, plFlavor=0x2f76aec*=0) returned 0x0 [0278.803] SysStringByteLen (bstr="fling.exe") returned 0x12 [0278.803] SysStringByteLen (bstr="fling.exe") returned 0x12 [0278.803] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.803] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.803] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.803] IWbemClassObject:Get (in: This=0x9c9d70, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f76c1c*=0, plFlavor=0x2f76c20*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ", varVal2=0x0), pType=0x2f76c1c*=8, plFlavor=0x2f76c20*=0) returned 0x0 [0278.803] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ") returned 0x70 [0278.803] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ") returned 0x70 [0278.803] IWbemClassObject:Get (in: This=0x9c9d70, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f76c1c*=8, plFlavor=0x2f76c20*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ", varVal2=0x0), pType=0x2f76c1c*=8, plFlavor=0x2f76c20*=0) returned 0x0 [0278.803] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ") returned 0x70 [0278.803] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Media Player\\fling.exe\" ") returned 0x70 [0278.803] CoTaskMemAlloc (cb=0x4) returned 0x989da0 [0278.803] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989da0, puReturned=0x2f500f0 | out: apObjects=0x989da0*=0x9c7f28, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.805] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c7f28) returned 0x0 [0278.805] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.805] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.805] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.806] IUnknown:AddRef (This=0x9c7f28) returned 0x3 [0278.806] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.806] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.806] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c7f2c) returned 0x0 [0278.806] IMarshal:GetUnmarshalClass (in: This=0x9c7f2c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.806] IUnknown:Release (This=0x9c7f2c) returned 0x3 [0278.806] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.806] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.806] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.806] IUnknown:Release (This=0x9c7f28) returned 0x2 [0278.806] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.806] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.806] IUnknown:QueryInterface (in: This=0x9c7f28, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c7f28) returned 0x0 [0278.806] IUnknown:AddRef (This=0x9c7f28) returned 0x4 [0278.806] IUnknown:Release (This=0x9c7f28) returned 0x3 [0278.806] IUnknown:Release (This=0x9c7f28) returned 0x2 [0278.807] CoTaskMemFree (pv=0x989da0) [0278.807] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.807] IUnknown:AddRef (This=0x9c7f28) returned 0x3 [0278.807] IWbemClassObject:Get (in: This=0x9c7f28, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.807] IWbemClassObject:Get (in: This=0x9c7f28, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5832\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.807] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5832\"") returned 0x66 [0278.807] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5832\"") returned 0x66 [0278.808] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.808] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.808] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.808] IUnknown:Release (This=0x968724) returned 0x1 [0278.811] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0278.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.811] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cd848) returned 0x0 [0278.811] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0278.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cd848) returned 0x0 [0278.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.811] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.812] WbemDefPath:IUnknown:AddRef (This=0x9cd848) returned 0x3 [0278.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cbce0) returned 0x0 [0278.812] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cbce0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.812] WbemDefPath:IUnknown:Release (This=0x9cbce0) returned 0x3 [0278.812] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.812] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.812] WbemDefPath:IUnknown:Release (This=0x9cd848) returned 0x2 [0278.812] WbemDefPath:IUnknown:Release (This=0x9cd848) returned 0x1 [0278.812] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.812] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.812] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd848, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cd848) returned 0x0 [0278.812] WbemDefPath:IUnknown:AddRef (This=0x9cd848) returned 0x3 [0278.812] WbemDefPath:IUnknown:Release (This=0x9cd848) returned 0x2 [0278.812] WbemDefPath:IWbemPath:SetText (This=0x9cd848, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5832\"") returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.813] IWbemClassObject:Get (in: This=0x9c7f28, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f77698*=0, plFlavor=0x2f7769c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16c8, varVal2=0x0), pType=0x2f77698*=19, plFlavor=0x2f7769c*=0) returned 0x0 [0278.813] IWbemClassObject:Get (in: This=0x9c7f28, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f77698*=19, plFlavor=0x2f7769c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16c8, varVal2=0x0), pType=0x2f77698*=19, plFlavor=0x2f7769c*=0) returned 0x0 [0278.813] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.814] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.814] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.814] IWbemClassObject:Get (in: This=0x9c7f28, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7779c*=0, plFlavor=0x2f777a0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x2f7779c*=8, plFlavor=0x2f777a0*=0) returned 0x0 [0278.814] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0278.814] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0278.814] IWbemClassObject:Get (in: This=0x9c7f28, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7779c*=8, plFlavor=0x2f777a0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="foxmailincmail.exe", varVal2=0x0), pType=0x2f7779c*=8, plFlavor=0x2f777a0*=0) returned 0x0 [0278.814] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0278.814] SysStringByteLen (bstr="foxmailincmail.exe") returned 0x24 [0278.814] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.814] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.814] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.814] IWbemClassObject:Get (in: This=0x9c7f28, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f778f8*=0, plFlavor=0x2f778fc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ", varVal2=0x0), pType=0x2f778f8*=8, plFlavor=0x2f778fc*=0) returned 0x0 [0278.814] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ") returned 0x62 [0278.814] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ") returned 0x62 [0278.815] IWbemClassObject:Get (in: This=0x9c7f28, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f778f8*=8, plFlavor=0x2f778fc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ", varVal2=0x0), pType=0x2f778f8*=8, plFlavor=0x2f778fc*=0) returned 0x0 [0278.815] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ") returned 0x62 [0278.815] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\foxmailincmail.exe\" ") returned 0x62 [0278.815] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.815] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9c8a50, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.816] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8a50) returned 0x0 [0278.816] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.817] IUnknown:AddRef (This=0x9c8a50) returned 0x3 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c8a54) returned 0x0 [0278.817] IMarshal:GetUnmarshalClass (in: This=0x9c8a54, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.817] IUnknown:Release (This=0x9c8a54) returned 0x3 [0278.817] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.817] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.817] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.818] IUnknown:Release (This=0x9c8a50) returned 0x2 [0278.818] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.818] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.818] IUnknown:QueryInterface (in: This=0x9c8a50, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8a50) returned 0x0 [0278.818] IUnknown:AddRef (This=0x9c8a50) returned 0x4 [0278.818] IUnknown:Release (This=0x9c8a50) returned 0x3 [0278.818] IUnknown:Release (This=0x9c8a50) returned 0x2 [0278.818] CoTaskMemFree (pv=0x989d20) [0278.818] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.818] IUnknown:AddRef (This=0x9c8a50) returned 0x3 [0278.818] IWbemClassObject:Get (in: This=0x9c8a50, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.819] IWbemClassObject:Get (in: This=0x9c8a50, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5848\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.819] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5848\"") returned 0x66 [0278.819] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5848\"") returned 0x66 [0278.819] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.819] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.819] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.819] IUnknown:Release (This=0x968724) returned 0x1 [0278.821] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e50) returned 0x0 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e50, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.822] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e50, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce028) returned 0x0 [0278.822] WbemDefPath:IUnknown:Release (This=0x989e50) returned 0x0 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce028) returned 0x0 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.822] WbemDefPath:IUnknown:AddRef (This=0x9ce028) returned 0x3 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc040) returned 0x0 [0278.823] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc040, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.823] WbemDefPath:IUnknown:Release (This=0x9cc040) returned 0x3 [0278.823] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.823] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.823] WbemDefPath:IUnknown:Release (This=0x9ce028) returned 0x2 [0278.823] WbemDefPath:IUnknown:Release (This=0x9ce028) returned 0x1 [0278.823] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.823] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce028, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce028) returned 0x0 [0278.823] WbemDefPath:IUnknown:AddRef (This=0x9ce028) returned 0x3 [0278.823] WbemDefPath:IUnknown:Release (This=0x9ce028) returned 0x2 [0278.823] WbemDefPath:IWbemPath:SetText (This=0x9ce028, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5848\"") returned 0x0 [0278.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.823] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.823] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.823] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.823] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.824] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.870] IWbemClassObject:Get (in: This=0x9c8a50, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f78364*=0, plFlavor=0x2f78368*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16d8, varVal2=0x0), pType=0x2f78364*=19, plFlavor=0x2f78368*=0) returned 0x0 [0278.871] IWbemClassObject:Get (in: This=0x9c8a50, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f78364*=19, plFlavor=0x2f78368*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16d8, varVal2=0x0), pType=0x2f78364*=19, plFlavor=0x2f78368*=0) returned 0x0 [0278.871] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.872] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.872] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.872] IWbemClassObject:Get (in: This=0x9c8a50, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f78468*=0, plFlavor=0x2f7846c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x2f78468*=8, plFlavor=0x2f7846c*=0) returned 0x0 [0278.872] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0278.872] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0278.872] IWbemClassObject:Get (in: This=0x9c8a50, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f78468*=8, plFlavor=0x2f7846c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gmailnotifierpro.exe", varVal2=0x0), pType=0x2f78468*=8, plFlavor=0x2f7846c*=0) returned 0x0 [0278.872] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0278.872] SysStringByteLen (bstr="gmailnotifierpro.exe") returned 0x28 [0278.872] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.872] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.872] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.872] IWbemClassObject:Get (in: This=0x9c8a50, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f785cc*=0, plFlavor=0x2f785d0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ", varVal2=0x0), pType=0x2f785cc*=8, plFlavor=0x2f785d0*=0) returned 0x0 [0278.872] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ") returned 0x7a [0278.872] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ") returned 0x7a [0278.872] IWbemClassObject:Get (in: This=0x9c8a50, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f785cc*=8, plFlavor=0x2f785d0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ", varVal2=0x0), pType=0x2f785cc*=8, plFlavor=0x2f785d0*=0) returned 0x0 [0278.873] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ") returned 0x7a [0278.873] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Media Player\\gmailnotifierpro.exe\" ") returned 0x7a [0278.873] CoTaskMemAlloc (cb=0x4) returned 0x989cd0 [0278.873] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cd0, puReturned=0x2f500f0 | out: apObjects=0x989cd0*=0x9c9bd8, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.874] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9bd8) returned 0x0 [0278.874] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.874] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.874] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.875] IUnknown:AddRef (This=0x9c9bd8) returned 0x3 [0278.875] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.875] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.875] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c9bdc) returned 0x0 [0278.875] IMarshal:GetUnmarshalClass (in: This=0x9c9bdc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.875] IUnknown:Release (This=0x9c9bdc) returned 0x3 [0278.875] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.875] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.875] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.875] IUnknown:Release (This=0x9c9bd8) returned 0x2 [0278.876] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.876] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.876] IUnknown:QueryInterface (in: This=0x9c9bd8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9bd8) returned 0x0 [0278.876] IUnknown:AddRef (This=0x9c9bd8) returned 0x4 [0278.876] IUnknown:Release (This=0x9c9bd8) returned 0x3 [0278.876] IUnknown:Release (This=0x9c9bd8) returned 0x2 [0278.876] CoTaskMemFree (pv=0x989cd0) [0278.876] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.876] IUnknown:AddRef (This=0x9c9bd8) returned 0x3 [0278.876] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.876] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5856\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.876] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5856\"") returned 0x66 [0278.876] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5856\"") returned 0x66 [0278.877] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.877] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.877] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.877] IUnknown:Release (This=0x968724) returned 0x1 [0278.878] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cd0) returned 0x0 [0278.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.879] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cdca8) returned 0x0 [0278.879] WbemDefPath:IUnknown:Release (This=0x989cd0) returned 0x0 [0278.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cdca8) returned 0x0 [0278.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.879] WbemDefPath:IUnknown:AddRef (This=0x9cdca8) returned 0x3 [0278.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cbfe0) returned 0x0 [0278.880] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cbfe0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.880] WbemDefPath:IUnknown:Release (This=0x9cbfe0) returned 0x3 [0278.880] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.880] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.880] WbemDefPath:IUnknown:Release (This=0x9cdca8) returned 0x2 [0278.880] WbemDefPath:IUnknown:Release (This=0x9cdca8) returned 0x1 [0278.880] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.880] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.880] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdca8, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cdca8) returned 0x0 [0278.881] WbemDefPath:IUnknown:AddRef (This=0x9cdca8) returned 0x3 [0278.881] WbemDefPath:IUnknown:Release (This=0x9cdca8) returned 0x2 [0278.881] WbemDefPath:IWbemPath:SetText (This=0x9cdca8, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5856\"") returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.881] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79078*=0, plFlavor=0x2f7907c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16e0, varVal2=0x0), pType=0x2f79078*=19, plFlavor=0x2f7907c*=0) returned 0x0 [0278.881] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79078*=19, plFlavor=0x2f7907c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16e0, varVal2=0x0), pType=0x2f79078*=19, plFlavor=0x2f7907c*=0) returned 0x0 [0278.881] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.882] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.882] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.882] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7917c*=0, plFlavor=0x2f79180*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x2f7917c*=8, plFlavor=0x2f79180*=0) returned 0x0 [0278.882] SysStringByteLen (bstr="icq.exe") returned 0xe [0278.882] SysStringByteLen (bstr="icq.exe") returned 0xe [0278.882] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7917c*=8, plFlavor=0x2f79180*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="icq.exe", varVal2=0x0), pType=0x2f7917c*=8, plFlavor=0x2f79180*=0) returned 0x0 [0278.882] SysStringByteLen (bstr="icq.exe") returned 0xe [0278.882] SysStringByteLen (bstr="icq.exe") returned 0xe [0278.882] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.882] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.882] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.882] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f792a8*=0, plFlavor=0x2f792ac*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ", varVal2=0x0), pType=0x2f792a8*=8, plFlavor=0x2f792ac*=0) returned 0x0 [0278.882] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ") returned 0x8e [0278.882] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ") returned 0x8e [0278.882] IWbemClassObject:Get (in: This=0x9c9bd8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f792a8*=8, plFlavor=0x2f792ac*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ", varVal2=0x0), pType=0x2f792a8*=8, plFlavor=0x2f792ac*=0) returned 0x0 [0278.882] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ") returned 0x8e [0278.882] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\icq.exe\" ") returned 0x8e [0278.883] CoTaskMemAlloc (cb=0x4) returned 0x989ca0 [0278.883] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ca0, puReturned=0x2f500f0 | out: apObjects=0x989ca0*=0x9c8be8, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8be8) returned 0x0 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.884] IUnknown:AddRef (This=0x9c8be8) returned 0x3 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.884] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.885] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c8bec) returned 0x0 [0278.885] IMarshal:GetUnmarshalClass (in: This=0x9c8bec, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.885] IUnknown:Release (This=0x9c8bec) returned 0x3 [0278.885] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.885] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.885] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.885] IUnknown:Release (This=0x9c8be8) returned 0x2 [0278.885] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.885] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.885] IUnknown:QueryInterface (in: This=0x9c8be8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8be8) returned 0x0 [0278.885] IUnknown:AddRef (This=0x9c8be8) returned 0x4 [0278.885] IUnknown:Release (This=0x9c8be8) returned 0x3 [0278.885] IUnknown:Release (This=0x9c8be8) returned 0x2 [0278.885] CoTaskMemFree (pv=0x989ca0) [0278.885] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.885] IUnknown:AddRef (This=0x9c8be8) returned 0x3 [0278.886] IWbemClassObject:Get (in: This=0x9c8be8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.886] IWbemClassObject:Get (in: This=0x9c8be8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5864\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.887] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5864\"") returned 0x66 [0278.887] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5864\"") returned 0x66 [0278.887] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.887] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.887] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.887] IUnknown:Release (This=0x968724) returned 0x1 [0278.889] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0278.889] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.889] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce098) returned 0x0 [0278.889] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce098) returned 0x0 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.890] WbemDefPath:IUnknown:AddRef (This=0x9ce098) returned 0x3 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.890] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc178) returned 0x0 [0278.891] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc178, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.891] WbemDefPath:IUnknown:Release (This=0x9cc178) returned 0x3 [0278.891] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.891] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.891] WbemDefPath:IUnknown:Release (This=0x9ce098) returned 0x2 [0278.891] WbemDefPath:IUnknown:Release (This=0x9ce098) returned 0x1 [0278.891] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.891] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.891] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce098, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce098) returned 0x0 [0278.892] WbemDefPath:IUnknown:AddRef (This=0x9ce098) returned 0x3 [0278.892] WbemDefPath:IUnknown:Release (This=0x9ce098) returned 0x2 [0278.892] WbemDefPath:IWbemPath:SetText (This=0x9ce098, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5864\"") returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.892] IWbemClassObject:Get (in: This=0x9c8be8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79d74*=0, plFlavor=0x2f79d78*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16e8, varVal2=0x0), pType=0x2f79d74*=19, plFlavor=0x2f79d78*=0) returned 0x0 [0278.892] IWbemClassObject:Get (in: This=0x9c8be8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79d74*=19, plFlavor=0x2f79d78*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16e8, varVal2=0x0), pType=0x2f79d74*=19, plFlavor=0x2f79d78*=0) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.892] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.893] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.893] IWbemClassObject:Get (in: This=0x9c8be8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79e78*=0, plFlavor=0x2f79e7c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x2f79e78*=8, plFlavor=0x2f79e7c*=0) returned 0x0 [0278.893] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0278.893] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0278.893] IWbemClassObject:Get (in: This=0x9c8be8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79e78*=8, plFlavor=0x2f79e7c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="operamail.exe", varVal2=0x0), pType=0x2f79e78*=8, plFlavor=0x2f79e7c*=0) returned 0x0 [0278.893] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0278.893] SysStringByteLen (bstr="operamail.exe") returned 0x1a [0278.893] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.893] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.893] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.893] IWbemClassObject:Get (in: This=0x9c8be8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79fbc*=0, plFlavor=0x2f79fc0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ", varVal2=0x0), pType=0x2f79fbc*=8, plFlavor=0x2f79fc0*=0) returned 0x0 [0278.893] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ") returned 0x66 [0278.894] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ") returned 0x66 [0278.894] IWbemClassObject:Get (in: This=0x9c8be8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f79fbc*=8, plFlavor=0x2f79fc0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ", varVal2=0x0), pType=0x2f79fbc*=8, plFlavor=0x2f79fc0*=0) returned 0x0 [0278.894] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ") returned 0x66 [0278.894] SysStringByteLen (bstr="\"C:\\Program Files\\WindowsPowerShell\\operamail.exe\" ") returned 0x66 [0278.894] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0278.894] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9c8588, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.964] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8588) returned 0x0 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.966] IUnknown:AddRef (This=0x9c8588) returned 0x3 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.966] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c858c) returned 0x0 [0278.966] IMarshal:GetUnmarshalClass (in: This=0x9c858c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.966] IUnknown:Release (This=0x9c858c) returned 0x3 [0278.966] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.967] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.967] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.967] IUnknown:Release (This=0x9c8588) returned 0x2 [0278.967] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.967] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.967] IUnknown:QueryInterface (in: This=0x9c8588, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8588) returned 0x0 [0278.967] IUnknown:AddRef (This=0x9c8588) returned 0x4 [0278.967] IUnknown:Release (This=0x9c8588) returned 0x3 [0278.967] IUnknown:Release (This=0x9c8588) returned 0x2 [0278.967] CoTaskMemFree (pv=0x989d20) [0278.967] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.967] IUnknown:AddRef (This=0x9c8588) returned 0x3 [0278.967] IWbemClassObject:Get (in: This=0x9c8588, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.968] IWbemClassObject:Get (in: This=0x9c8588, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5884\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.968] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5884\"") returned 0x66 [0278.968] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5884\"") returned 0x66 [0278.968] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.968] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.968] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.968] IUnknown:Release (This=0x968724) returned 0x1 [0278.970] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e70) returned 0x0 [0278.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e70, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.970] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e70, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cdae8) returned 0x0 [0278.970] WbemDefPath:IUnknown:Release (This=0x989e70) returned 0x0 [0278.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cdae8) returned 0x0 [0278.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.970] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.971] WbemDefPath:IUnknown:AddRef (This=0x9cdae8) returned 0x3 [0278.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc3d0) returned 0x0 [0278.971] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc3d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.971] WbemDefPath:IUnknown:Release (This=0x9cc3d0) returned 0x3 [0278.971] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.971] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.971] WbemDefPath:IUnknown:Release (This=0x9cdae8) returned 0x2 [0278.971] WbemDefPath:IUnknown:Release (This=0x9cdae8) returned 0x1 [0278.971] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.971] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.971] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdae8, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cdae8) returned 0x0 [0278.971] WbemDefPath:IUnknown:AddRef (This=0x9cdae8) returned 0x3 [0278.971] WbemDefPath:IUnknown:Release (This=0x9cdae8) returned 0x2 [0278.971] WbemDefPath:IWbemPath:SetText (This=0x9cdae8, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5884\"") returned 0x0 [0278.972] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.972] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.973] IWbemClassObject:Get (in: This=0x9c8588, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7aa28*=0, plFlavor=0x2f7aa2c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16fc, varVal2=0x0), pType=0x2f7aa28*=19, plFlavor=0x2f7aa2c*=0) returned 0x0 [0278.973] IWbemClassObject:Get (in: This=0x9c8588, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7aa28*=19, plFlavor=0x2f7aa2c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x16fc, varVal2=0x0), pType=0x2f7aa28*=19, plFlavor=0x2f7aa2c*=0) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.973] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.973] IWbemClassObject:Get (in: This=0x9c8588, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7ab2c*=0, plFlavor=0x2f7ab30*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x2f7ab2c*=8, plFlavor=0x2f7ab30*=0) returned 0x0 [0278.974] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0278.974] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0278.974] IWbemClassObject:Get (in: This=0x9c8588, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7ab2c*=8, plFlavor=0x2f7ab30*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="notepad.exe", varVal2=0x0), pType=0x2f7ab2c*=8, plFlavor=0x2f7ab30*=0) returned 0x0 [0278.974] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0278.974] SysStringByteLen (bstr="notepad.exe") returned 0x16 [0278.974] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.974] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.974] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.974] IWbemClassObject:Get (in: This=0x9c8588, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7ac68*=0, plFlavor=0x2f7ac6c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ", varVal2=0x0), pType=0x2f7ac68*=8, plFlavor=0x2f7ac6c*=0) returned 0x0 [0278.974] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ") returned 0x62 [0278.974] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ") returned 0x62 [0278.974] IWbemClassObject:Get (in: This=0x9c8588, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7ac68*=8, plFlavor=0x2f7ac6c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ", varVal2=0x0), pType=0x2f7ac68*=8, plFlavor=0x2f7ac6c*=0) returned 0x0 [0278.974] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ") returned 0x62 [0278.974] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\notepad.exe\" ") returned 0x62 [0278.974] CoTaskMemAlloc (cb=0x4) returned 0x989ce0 [0278.974] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ce0, puReturned=0x2f500f0 | out: apObjects=0x989ce0*=0x9c80c0, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c80c0) returned 0x0 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.976] IUnknown:AddRef (This=0x9c80c0) returned 0x3 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.976] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c80c4) returned 0x0 [0278.976] IMarshal:GetUnmarshalClass (in: This=0x9c80c4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.977] IUnknown:Release (This=0x9c80c4) returned 0x3 [0278.977] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.977] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.977] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.977] IUnknown:Release (This=0x9c80c0) returned 0x2 [0278.977] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.977] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.977] IUnknown:QueryInterface (in: This=0x9c80c0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c80c0) returned 0x0 [0278.977] IUnknown:AddRef (This=0x9c80c0) returned 0x4 [0278.977] IUnknown:Release (This=0x9c80c0) returned 0x3 [0278.977] IUnknown:Release (This=0x9c80c0) returned 0x2 [0278.977] CoTaskMemFree (pv=0x989ce0) [0278.977] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.977] IUnknown:AddRef (This=0x9c80c0) returned 0x3 [0278.977] IWbemClassObject:Get (in: This=0x9c80c0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.978] IWbemClassObject:Get (in: This=0x9c80c0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5896\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.978] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5896\"") returned 0x66 [0278.978] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5896\"") returned 0x66 [0278.978] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.978] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.978] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.978] IUnknown:Release (This=0x968724) returned 0x1 [0278.980] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0278.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.980] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce2c8) returned 0x0 [0278.980] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0278.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce2c8) returned 0x0 [0278.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.980] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.981] WbemDefPath:IUnknown:AddRef (This=0x9ce2c8) returned 0x3 [0278.981] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.981] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.981] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc748) returned 0x0 [0278.981] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc748, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.981] WbemDefPath:IUnknown:Release (This=0x9cc748) returned 0x3 [0278.981] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.981] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.981] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.981] WbemDefPath:IUnknown:Release (This=0x9ce2c8) returned 0x2 [0278.981] WbemDefPath:IUnknown:Release (This=0x9ce2c8) returned 0x1 [0278.981] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.981] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.981] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce2c8, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce2c8) returned 0x0 [0278.981] WbemDefPath:IUnknown:AddRef (This=0x9ce2c8) returned 0x3 [0278.981] WbemDefPath:IUnknown:Release (This=0x9ce2c8) returned 0x2 [0278.981] WbemDefPath:IWbemPath:SetText (This=0x9ce2c8, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5896\"") returned 0x0 [0278.981] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.981] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.982] IWbemClassObject:Get (in: This=0x9c80c0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b6b8*=0, plFlavor=0x2f7b6bc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1708, varVal2=0x0), pType=0x2f7b6b8*=19, plFlavor=0x2f7b6bc*=0) returned 0x0 [0278.982] IWbemClassObject:Get (in: This=0x9c80c0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b6b8*=19, plFlavor=0x2f7b6bc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1708, varVal2=0x0), pType=0x2f7b6b8*=19, plFlavor=0x2f7b6bc*=0) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.982] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.982] IWbemClassObject:Get (in: This=0x9c80c0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b7bc*=0, plFlavor=0x2f7b7c0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x2f7b7bc*=8, plFlavor=0x2f7b7c0*=0) returned 0x0 [0278.983] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0278.983] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0278.983] IWbemClassObject:Get (in: This=0x9c80c0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b7bc*=8, plFlavor=0x2f7b7c0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="outlook.exe", varVal2=0x0), pType=0x2f7b7bc*=8, plFlavor=0x2f7b7c0*=0) returned 0x0 [0278.983] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0278.983] SysStringByteLen (bstr="outlook.exe") returned 0x16 [0278.983] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.983] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.983] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.984] IWbemClassObject:Get (in: This=0x9c80c0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b8f8*=0, plFlavor=0x2f7b8fc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ", varVal2=0x0), pType=0x2f7b8f8*=8, plFlavor=0x2f7b8fc*=0) returned 0x0 [0278.984] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ") returned 0x54 [0278.984] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ") returned 0x54 [0278.984] IWbemClassObject:Get (in: This=0x9c80c0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7b8f8*=8, plFlavor=0x2f7b8fc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ", varVal2=0x0), pType=0x2f7b8f8*=8, plFlavor=0x2f7b8fc*=0) returned 0x0 [0278.984] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ") returned 0x54 [0278.984] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\outlook.exe\" ") returned 0x54 [0278.984] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0278.984] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9c8d80, puReturned=0x2f500f0*=0x1) returned 0x0 [0278.985] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c8d80) returned 0x0 [0278.985] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0278.985] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0278.985] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0278.986] IUnknown:AddRef (This=0x9c8d80) returned 0x3 [0278.986] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0278.986] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0278.986] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c8d84) returned 0x0 [0278.986] IMarshal:GetUnmarshalClass (in: This=0x9c8d84, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0278.986] IUnknown:Release (This=0x9c8d84) returned 0x3 [0278.986] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0278.986] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0278.986] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0278.986] IUnknown:Release (This=0x9c8d80) returned 0x2 [0278.986] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0278.986] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0278.986] IUnknown:QueryInterface (in: This=0x9c8d80, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c8d80) returned 0x0 [0278.986] IUnknown:AddRef (This=0x9c8d80) returned 0x4 [0278.986] IUnknown:Release (This=0x9c8d80) returned 0x3 [0278.986] IUnknown:Release (This=0x9c8d80) returned 0x2 [0278.986] CoTaskMemFree (pv=0x989d90) [0278.987] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0278.987] IUnknown:AddRef (This=0x9c8d80) returned 0x3 [0278.987] IWbemClassObject:Get (in: This=0x9c8d80, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0278.987] IWbemClassObject:Get (in: This=0x9c8d80, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5908\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0278.987] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5908\"") returned 0x66 [0278.987] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5908\"") returned 0x66 [0278.987] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0278.987] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0278.987] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0278.988] IUnknown:Release (This=0x968724) returned 0x1 [0278.990] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0278.990] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce1e8) returned 0x0 [0278.990] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce1e8) returned 0x0 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0278.990] WbemDefPath:IUnknown:AddRef (This=0x9ce1e8) returned 0x3 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0278.990] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc508) returned 0x0 [0278.991] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc508, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0278.991] WbemDefPath:IUnknown:Release (This=0x9cc508) returned 0x3 [0278.991] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0278.991] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0278.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0278.991] WbemDefPath:IUnknown:Release (This=0x9ce1e8) returned 0x2 [0278.991] WbemDefPath:IUnknown:Release (This=0x9ce1e8) returned 0x1 [0278.991] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0278.991] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0278.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce1e8, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce1e8) returned 0x0 [0278.991] WbemDefPath:IUnknown:AddRef (This=0x9ce1e8) returned 0x3 [0278.991] WbemDefPath:IUnknown:Release (This=0x9ce1e8) returned 0x2 [0278.991] WbemDefPath:IWbemPath:SetText (This=0x9ce1e8, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5908\"") returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.991] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.991] IWbemClassObject:Get (in: This=0x9c8d80, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c330*=0, plFlavor=0x2f7c334*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1714, varVal2=0x0), pType=0x2f7c330*=19, plFlavor=0x2f7c334*=0) returned 0x0 [0278.992] IWbemClassObject:Get (in: This=0x9c8d80, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c330*=19, plFlavor=0x2f7c334*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1714, varVal2=0x0), pType=0x2f7c330*=19, plFlavor=0x2f7c334*=0) returned 0x0 [0278.992] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.992] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.992] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.992] IWbemClassObject:Get (in: This=0x9c8d80, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c434*=0, plFlavor=0x2f7c438*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x2f7c434*=8, plFlavor=0x2f7c438*=0) returned 0x0 [0278.992] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0278.992] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0278.992] IWbemClassObject:Get (in: This=0x9c8d80, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c434*=8, plFlavor=0x2f7c438*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="pidgin.exe", varVal2=0x0), pType=0x2f7c434*=8, plFlavor=0x2f7c438*=0) returned 0x0 [0278.992] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0278.992] SysStringByteLen (bstr="pidgin.exe") returned 0x14 [0278.993] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0278.993] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0278.993] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0278.993] IWbemClassObject:Get (in: This=0x9c8d80, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c570*=0, plFlavor=0x2f7c574*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ", varVal2=0x0), pType=0x2f7c570*=8, plFlavor=0x2f7c574*=0) returned 0x0 [0278.993] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ") returned 0x54 [0278.993] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ") returned 0x54 [0278.993] IWbemClassObject:Get (in: This=0x9c8d80, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7c570*=8, plFlavor=0x2f7c574*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ", varVal2=0x0), pType=0x2f7c570*=8, plFlavor=0x2f7c574*=0) returned 0x0 [0278.993] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ") returned 0x54 [0278.993] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\pidgin.exe\" ") returned 0x54 [0278.993] CoTaskMemAlloc (cb=0x4) returned 0x989cf0 [0278.993] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cf0, puReturned=0x2f500f0 | out: apObjects=0x989cf0*=0x9c90b0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.010] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c90b0) returned 0x0 [0279.010] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.010] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.010] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.011] IUnknown:AddRef (This=0x9c90b0) returned 0x3 [0279.011] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.011] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.011] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c90b4) returned 0x0 [0279.011] IMarshal:GetUnmarshalClass (in: This=0x9c90b4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.011] IUnknown:Release (This=0x9c90b4) returned 0x3 [0279.011] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.012] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.012] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.013] IUnknown:Release (This=0x9c90b0) returned 0x2 [0279.013] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.013] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.013] IUnknown:QueryInterface (in: This=0x9c90b0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c90b0) returned 0x0 [0279.013] IUnknown:AddRef (This=0x9c90b0) returned 0x4 [0279.013] IUnknown:Release (This=0x9c90b0) returned 0x3 [0279.013] IUnknown:Release (This=0x9c90b0) returned 0x2 [0279.013] CoTaskMemFree (pv=0x989cf0) [0279.013] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.013] IUnknown:AddRef (This=0x9c90b0) returned 0x3 [0279.013] IWbemClassObject:Get (in: This=0x9c90b0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.013] IWbemClassObject:Get (in: This=0x9c90b0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5920\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.014] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5920\"") returned 0x66 [0279.014] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5920\"") returned 0x66 [0279.014] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.014] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.014] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.014] IUnknown:Release (This=0x968724) returned 0x1 [0279.016] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cb0) returned 0x0 [0279.016] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cb0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.016] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cb0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cdfb8) returned 0x0 [0279.016] WbemDefPath:IUnknown:Release (This=0x989cb0) returned 0x0 [0279.016] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cdfb8) returned 0x0 [0279.016] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.017] WbemDefPath:IUnknown:AddRef (This=0x9cdfb8) returned 0x3 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc7a8) returned 0x0 [0279.017] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc7a8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.017] WbemDefPath:IUnknown:Release (This=0x9cc7a8) returned 0x3 [0279.017] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.017] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.017] WbemDefPath:IUnknown:Release (This=0x9cdfb8) returned 0x2 [0279.017] WbemDefPath:IUnknown:Release (This=0x9cdfb8) returned 0x1 [0279.017] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.017] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.017] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdfb8, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cdfb8) returned 0x0 [0279.017] WbemDefPath:IUnknown:AddRef (This=0x9cdfb8) returned 0x3 [0279.017] WbemDefPath:IUnknown:Release (This=0x9cdfb8) returned 0x2 [0279.018] WbemDefPath:IWbemPath:SetText (This=0x9cdfb8, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5920\"") returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.018] IWbemClassObject:Get (in: This=0x9c90b0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7cf98*=0, plFlavor=0x2f7cf9c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1720, varVal2=0x0), pType=0x2f7cf98*=19, plFlavor=0x2f7cf9c*=0) returned 0x0 [0279.018] IWbemClassObject:Get (in: This=0x9c90b0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7cf98*=19, plFlavor=0x2f7cf9c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1720, varVal2=0x0), pType=0x2f7cf98*=19, plFlavor=0x2f7cf9c*=0) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.018] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.018] IWbemClassObject:Get (in: This=0x9c90b0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7d09c*=0, plFlavor=0x2f7d0a0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x2f7d09c*=8, plFlavor=0x2f7d0a0*=0) returned 0x0 [0279.019] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0279.019] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0279.019] IWbemClassObject:Get (in: This=0x9c90b0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7d09c*=8, plFlavor=0x2f7d0a0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="scriptftp.exe", varVal2=0x0), pType=0x2f7d09c*=8, plFlavor=0x2f7d0a0*=0) returned 0x0 [0279.019] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0279.019] SysStringByteLen (bstr="scriptftp.exe") returned 0x1a [0279.019] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.019] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.019] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.019] IWbemClassObject:Get (in: This=0x9c90b0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7d1e0*=0, plFlavor=0x2f7d1e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ", varVal2=0x0), pType=0x2f7d1e0*=8, plFlavor=0x2f7d1e4*=0) returned 0x0 [0279.019] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ") returned 0x64 [0279.019] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ") returned 0x64 [0279.019] IWbemClassObject:Get (in: This=0x9c90b0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7d1e0*=8, plFlavor=0x2f7d1e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ", varVal2=0x0), pType=0x2f7d1e0*=8, plFlavor=0x2f7d1e4*=0) returned 0x0 [0279.019] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ") returned 0x64 [0279.019] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\scriptftp.exe\" ") returned 0x64 [0279.019] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0279.019] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9c9248, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9248) returned 0x0 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.021] IUnknown:AddRef (This=0x9c9248) returned 0x3 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.021] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c924c) returned 0x0 [0279.021] IMarshal:GetUnmarshalClass (in: This=0x9c924c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.021] IUnknown:Release (This=0x9c924c) returned 0x3 [0279.021] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.021] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.022] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.022] IUnknown:Release (This=0x9c9248) returned 0x2 [0279.022] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.022] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.022] IUnknown:QueryInterface (in: This=0x9c9248, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9248) returned 0x0 [0279.022] IUnknown:AddRef (This=0x9c9248) returned 0x4 [0279.022] IUnknown:Release (This=0x9c9248) returned 0x3 [0279.022] IUnknown:Release (This=0x9c9248) returned 0x2 [0279.022] CoTaskMemFree (pv=0x989e20) [0279.022] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.022] IUnknown:AddRef (This=0x9c9248) returned 0x3 [0279.022] IWbemClassObject:Get (in: This=0x9c9248, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.022] IWbemClassObject:Get (in: This=0x9c9248, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5932\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.023] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5932\"") returned 0x66 [0279.023] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5932\"") returned 0x66 [0279.023] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.023] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.023] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.023] IUnknown:Release (This=0x968724) returned 0x1 [0279.024] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.025] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cda78) returned 0x0 [0279.025] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cda78) returned 0x0 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.025] WbemDefPath:IUnknown:AddRef (This=0x9cda78) returned 0x3 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cc838) returned 0x0 [0279.025] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cc838, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.025] WbemDefPath:IUnknown:Release (This=0x9cc838) returned 0x3 [0279.025] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.026] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.026] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.026] WbemDefPath:IUnknown:Release (This=0x9cda78) returned 0x2 [0279.026] WbemDefPath:IUnknown:Release (This=0x9cda78) returned 0x1 [0279.026] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.026] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.026] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda78, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cda78) returned 0x0 [0279.026] WbemDefPath:IUnknown:AddRef (This=0x9cda78) returned 0x3 [0279.026] WbemDefPath:IUnknown:Release (This=0x9cda78) returned 0x2 [0279.026] WbemDefPath:IWbemPath:SetText (This=0x9cda78, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5932\"") returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.026] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.026] IWbemClassObject:Get (in: This=0x9c9248, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7dc40*=0, plFlavor=0x2f7dc44*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x172c, varVal2=0x0), pType=0x2f7dc40*=19, plFlavor=0x2f7dc44*=0) returned 0x0 [0279.026] IWbemClassObject:Get (in: This=0x9c9248, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7dc40*=19, plFlavor=0x2f7dc44*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x172c, varVal2=0x0), pType=0x2f7dc40*=19, plFlavor=0x2f7dc44*=0) returned 0x0 [0279.029] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.029] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.029] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.029] IWbemClassObject:Get (in: This=0x9c9248, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7dd44*=0, plFlavor=0x2f7dd48*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x2f7dd44*=8, plFlavor=0x2f7dd48*=0) returned 0x0 [0279.029] SysStringByteLen (bstr="skype.exe") returned 0x12 [0279.029] SysStringByteLen (bstr="skype.exe") returned 0x12 [0279.029] IWbemClassObject:Get (in: This=0x9c9248, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7dd44*=8, plFlavor=0x2f7dd48*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="skype.exe", varVal2=0x0), pType=0x2f7dd44*=8, plFlavor=0x2f7dd48*=0) returned 0x0 [0279.029] SysStringByteLen (bstr="skype.exe") returned 0x12 [0279.029] SysStringByteLen (bstr="skype.exe") returned 0x12 [0279.029] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.029] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.029] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.029] IWbemClassObject:Get (in: This=0x9c9248, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7de78*=0, plFlavor=0x2f7de7c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ", varVal2=0x0), pType=0x2f7de78*=8, plFlavor=0x2f7de7c*=0) returned 0x0 [0279.029] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ") returned 0x62 [0279.029] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ") returned 0x62 [0279.030] IWbemClassObject:Get (in: This=0x9c9248, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7de78*=8, plFlavor=0x2f7de7c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ", varVal2=0x0), pType=0x2f7de78*=8, plFlavor=0x2f7de7c*=0) returned 0x0 [0279.030] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ") returned 0x62 [0279.030] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\skype.exe\" ") returned 0x62 [0279.030] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0279.030] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9c9710, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.031] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9710) returned 0x0 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.032] IUnknown:AddRef (This=0x9c9710) returned 0x3 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c9714) returned 0x0 [0279.032] IMarshal:GetUnmarshalClass (in: This=0x9c9714, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.032] IUnknown:Release (This=0x9c9714) returned 0x3 [0279.032] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.032] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.032] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.033] IUnknown:Release (This=0x9c9710) returned 0x2 [0279.033] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.033] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.033] IUnknown:QueryInterface (in: This=0x9c9710, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9710) returned 0x0 [0279.033] IUnknown:AddRef (This=0x9c9710) returned 0x4 [0279.033] IUnknown:Release (This=0x9c9710) returned 0x3 [0279.033] IUnknown:Release (This=0x9c9710) returned 0x2 [0279.033] CoTaskMemFree (pv=0x989e50) [0279.033] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.033] IUnknown:AddRef (This=0x9c9710) returned 0x3 [0279.033] IWbemClassObject:Get (in: This=0x9c9710, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.033] IWbemClassObject:Get (in: This=0x9c9710, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5940\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.033] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5940\"") returned 0x66 [0279.034] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5940\"") returned 0x66 [0279.034] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.034] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.034] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.034] IUnknown:Release (This=0x968724) returned 0x1 [0279.035] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e70) returned 0x0 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e70, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.036] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e70, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce338) returned 0x0 [0279.036] WbemDefPath:IUnknown:Release (This=0x989e70) returned 0x0 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce338) returned 0x0 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.036] WbemDefPath:IUnknown:AddRef (This=0x9ce338) returned 0x3 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.036] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9ccc10) returned 0x0 [0279.037] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9ccc10, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.037] WbemDefPath:IUnknown:Release (This=0x9ccc10) returned 0x3 [0279.037] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.037] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.037] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.037] WbemDefPath:IUnknown:Release (This=0x9ce338) returned 0x2 [0279.037] WbemDefPath:IUnknown:Release (This=0x9ce338) returned 0x1 [0279.037] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.037] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.037] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce338, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce338) returned 0x0 [0279.037] WbemDefPath:IUnknown:AddRef (This=0x9ce338) returned 0x3 [0279.037] WbemDefPath:IUnknown:Release (This=0x9ce338) returned 0x2 [0279.037] WbemDefPath:IWbemPath:SetText (This=0x9ce338, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5940\"") returned 0x0 [0279.037] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.037] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.038] IWbemClassObject:Get (in: This=0x9c9710, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7e8d0*=0, plFlavor=0x2f7e8d4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1734, varVal2=0x0), pType=0x2f7e8d0*=19, plFlavor=0x2f7e8d4*=0) returned 0x0 [0279.038] IWbemClassObject:Get (in: This=0x9c9710, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7e8d0*=19, plFlavor=0x2f7e8d4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1734, varVal2=0x0), pType=0x2f7e8d0*=19, plFlavor=0x2f7e8d4*=0) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.038] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.038] IWbemClassObject:Get (in: This=0x9c9710, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7e9d4*=0, plFlavor=0x2f7e9d8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x2f7e9d4*=8, plFlavor=0x2f7e9d8*=0) returned 0x0 [0279.038] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0279.039] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0279.039] IWbemClassObject:Get (in: This=0x9c9710, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7e9d4*=8, plFlavor=0x2f7e9d8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="smartftp.exe", varVal2=0x0), pType=0x2f7e9d4*=8, plFlavor=0x2f7e9d8*=0) returned 0x0 [0279.039] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0279.039] SysStringByteLen (bstr="smartftp.exe") returned 0x18 [0279.039] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.039] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.039] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.039] IWbemClassObject:Get (in: This=0x9c9710, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7eb18*=0, plFlavor=0x2f7eb1c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ", varVal2=0x0), pType=0x2f7eb18*=8, plFlavor=0x2f7eb1c*=0) returned 0x0 [0279.039] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ") returned 0x6c [0279.039] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ") returned 0x6c [0279.039] IWbemClassObject:Get (in: This=0x9c9710, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7eb18*=8, plFlavor=0x2f7eb1c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ", varVal2=0x0), pType=0x2f7eb18*=8, plFlavor=0x2f7eb1c*=0) returned 0x0 [0279.039] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ") returned 0x6c [0279.039] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\smartftp.exe\" ") returned 0x6c [0279.039] CoTaskMemAlloc (cb=0x4) returned 0x989d30 [0279.039] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d30, puReturned=0x2f500f0 | out: apObjects=0x989d30*=0x9c93e0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.040] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c93e0) returned 0x0 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.041] IUnknown:AddRef (This=0x9c93e0) returned 0x3 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c93e4) returned 0x0 [0279.041] IMarshal:GetUnmarshalClass (in: This=0x9c93e4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.041] IUnknown:Release (This=0x9c93e4) returned 0x3 [0279.041] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.041] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.041] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.042] IUnknown:Release (This=0x9c93e0) returned 0x2 [0279.042] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.042] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.042] IUnknown:QueryInterface (in: This=0x9c93e0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c93e0) returned 0x0 [0279.042] IUnknown:AddRef (This=0x9c93e0) returned 0x4 [0279.042] IUnknown:Release (This=0x9c93e0) returned 0x3 [0279.042] IUnknown:Release (This=0x9c93e0) returned 0x2 [0279.042] CoTaskMemFree (pv=0x989d30) [0279.042] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.042] IUnknown:AddRef (This=0x9c93e0) returned 0x3 [0279.042] IWbemClassObject:Get (in: This=0x9c93e0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.089] IWbemClassObject:Get (in: This=0x9c93e0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5948\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.089] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5948\"") returned 0x66 [0279.089] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5948\"") returned 0x66 [0279.089] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.090] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.090] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.090] IUnknown:Release (This=0x968724) returned 0x1 [0279.092] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0279.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.092] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cd998) returned 0x0 [0279.092] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0279.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cd998) returned 0x0 [0279.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.092] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.092] WbemDefPath:IUnknown:AddRef (This=0x9cd998) returned 0x3 [0279.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9ccad8) returned 0x0 [0279.093] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9ccad8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.093] WbemDefPath:IUnknown:Release (This=0x9ccad8) returned 0x3 [0279.093] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.093] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.093] WbemDefPath:IUnknown:Release (This=0x9cd998) returned 0x2 [0279.093] WbemDefPath:IUnknown:Release (This=0x9cd998) returned 0x1 [0279.093] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.093] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.093] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd998, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cd998) returned 0x0 [0279.093] WbemDefPath:IUnknown:AddRef (This=0x9cd998) returned 0x3 [0279.093] WbemDefPath:IUnknown:Release (This=0x9cd998) returned 0x2 [0279.093] WbemDefPath:IWbemPath:SetText (This=0x9cd998, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5948\"") returned 0x0 [0279.093] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.093] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.093] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.094] IWbemClassObject:Get (in: This=0x9c93e0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f58c*=0, plFlavor=0x2f7f590*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x173c, varVal2=0x0), pType=0x2f7f58c*=19, plFlavor=0x2f7f590*=0) returned 0x0 [0279.094] IWbemClassObject:Get (in: This=0x9c93e0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f58c*=19, plFlavor=0x2f7f590*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x173c, varVal2=0x0), pType=0x2f7f58c*=19, plFlavor=0x2f7f590*=0) returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.094] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.094] IWbemClassObject:Get (in: This=0x9c93e0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f690*=0, plFlavor=0x2f7f694*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x2f7f690*=8, plFlavor=0x2f7f694*=0) returned 0x0 [0279.094] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.094] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.094] IWbemClassObject:Get (in: This=0x9c93e0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f690*=8, plFlavor=0x2f7f694*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="thunderbird.exe", varVal2=0x0), pType=0x2f7f690*=8, plFlavor=0x2f7f694*=0) returned 0x0 [0279.095] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.095] SysStringByteLen (bstr="thunderbird.exe") returned 0x1e [0279.095] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.095] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.095] IWbemClassObject:Get (in: This=0x9c93e0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f7dc*=0, plFlavor=0x2f7f7e0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ", varVal2=0x0), pType=0x2f7f7dc*=8, plFlavor=0x2f7f7e0*=0) returned 0x0 [0279.095] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ") returned 0x7e [0279.095] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ") returned 0x7e [0279.095] IWbemClassObject:Get (in: This=0x9c93e0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f7f7dc*=8, plFlavor=0x2f7f7e0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ", varVal2=0x0), pType=0x2f7f7dc*=8, plFlavor=0x2f7f7e0*=0) returned 0x0 [0279.095] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ") returned 0x7e [0279.095] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Multimedia Platform\\thunderbird.exe\" ") returned 0x7e [0279.095] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0279.095] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9c9578, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.096] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c9578) returned 0x0 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.097] IUnknown:AddRef (This=0x9c9578) returned 0x3 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c957c) returned 0x0 [0279.097] IMarshal:GetUnmarshalClass (in: This=0x9c957c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.097] IUnknown:Release (This=0x9c957c) returned 0x3 [0279.097] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.097] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.097] IUnknown:Release (This=0x9c9578) returned 0x2 [0279.097] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.097] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.097] IUnknown:QueryInterface (in: This=0x9c9578, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c9578) returned 0x0 [0279.098] IUnknown:AddRef (This=0x9c9578) returned 0x4 [0279.098] IUnknown:Release (This=0x9c9578) returned 0x3 [0279.098] IUnknown:Release (This=0x9c9578) returned 0x2 [0279.098] CoTaskMemFree (pv=0x989d20) [0279.098] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.098] IUnknown:AddRef (This=0x9c9578) returned 0x3 [0279.098] IWbemClassObject:Get (in: This=0x9c9578, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.098] IWbemClassObject:Get (in: This=0x9c9578, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5968\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.098] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5968\"") returned 0x66 [0279.098] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5968\"") returned 0x66 [0279.098] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.099] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.099] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.099] IUnknown:Release (This=0x968724) returned 0x1 [0279.100] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0279.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.100] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cde68) returned 0x0 [0279.101] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0279.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cde68) returned 0x0 [0279.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.101] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.102] WbemDefPath:IUnknown:AddRef (This=0x9cde68) returned 0x3 [0279.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9ccee0) returned 0x0 [0279.102] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9ccee0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.102] WbemDefPath:IUnknown:Release (This=0x9ccee0) returned 0x3 [0279.102] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.102] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.102] WbemDefPath:IUnknown:Release (This=0x9cde68) returned 0x2 [0279.102] WbemDefPath:IUnknown:Release (This=0x9cde68) returned 0x1 [0279.102] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.102] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.102] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cde68, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cde68) returned 0x0 [0279.102] WbemDefPath:IUnknown:AddRef (This=0x9cde68) returned 0x3 [0279.103] WbemDefPath:IUnknown:Release (This=0x9cde68) returned 0x2 [0279.103] WbemDefPath:IWbemPath:SetText (This=0x9cde68, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5968\"") returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.103] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.103] IWbemClassObject:Get (in: This=0x9c9578, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80294*=0, plFlavor=0x2f80298*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1750, varVal2=0x0), pType=0x2f80294*=19, plFlavor=0x2f80298*=0) returned 0x0 [0279.103] IWbemClassObject:Get (in: This=0x9c9578, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80294*=19, plFlavor=0x2f80298*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1750, varVal2=0x0), pType=0x2f80294*=19, plFlavor=0x2f80298*=0) returned 0x0 [0279.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.104] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.104] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.104] IWbemClassObject:Get (in: This=0x9c9578, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80398*=0, plFlavor=0x2f8039c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x2f80398*=8, plFlavor=0x2f8039c*=0) returned 0x0 [0279.104] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0279.104] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0279.104] IWbemClassObject:Get (in: This=0x9c9578, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80398*=8, plFlavor=0x2f8039c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="trillian.exe", varVal2=0x0), pType=0x2f80398*=8, plFlavor=0x2f8039c*=0) returned 0x0 [0279.104] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0279.104] SysStringByteLen (bstr="trillian.exe") returned 0x18 [0279.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.104] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.104] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.104] IWbemClassObject:Get (in: This=0x9c9578, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f804dc*=0, plFlavor=0x2f804e0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ", varVal2=0x0), pType=0x2f804dc*=8, plFlavor=0x2f804e0*=0) returned 0x0 [0279.105] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ") returned 0x6c [0279.105] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ") returned 0x6c [0279.105] IWbemClassObject:Get (in: This=0x9c9578, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f804dc*=8, plFlavor=0x2f804e0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ", varVal2=0x0), pType=0x2f804dc*=8, plFlavor=0x2f804e0*=0) returned 0x0 [0279.105] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ") returned 0x6c [0279.105] SysStringByteLen (bstr="\"C:\\Program Files\\Uninstall Information\\trillian.exe\" ") returned 0x6c [0279.106] CoTaskMemAlloc (cb=0x4) returned 0x989e30 [0279.106] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e30, puReturned=0x2f500f0 | out: apObjects=0x989e30*=0x9c98a8, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9c98a8) returned 0x0 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.107] IUnknown:AddRef (This=0x9c98a8) returned 0x3 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.107] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9c98ac) returned 0x0 [0279.107] IMarshal:GetUnmarshalClass (in: This=0x9c98ac, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.107] IUnknown:Release (This=0x9c98ac) returned 0x3 [0279.107] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.108] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.108] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.108] IUnknown:Release (This=0x9c98a8) returned 0x2 [0279.108] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.108] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.108] IUnknown:QueryInterface (in: This=0x9c98a8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9c98a8) returned 0x0 [0279.108] IUnknown:AddRef (This=0x9c98a8) returned 0x4 [0279.108] IUnknown:Release (This=0x9c98a8) returned 0x3 [0279.108] IUnknown:Release (This=0x9c98a8) returned 0x2 [0279.108] CoTaskMemFree (pv=0x989e30) [0279.108] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.108] IUnknown:AddRef (This=0x9c98a8) returned 0x3 [0279.108] IWbemClassObject:Get (in: This=0x9c98a8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.109] IWbemClassObject:Get (in: This=0x9c98a8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5984\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.109] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5984\"") returned 0x66 [0279.109] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5984\"") returned 0x66 [0279.109] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.109] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.109] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.109] IUnknown:Release (This=0x968724) returned 0x1 [0279.111] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e50) returned 0x0 [0279.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e50, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.111] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e50, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cdf48) returned 0x0 [0279.111] WbemDefPath:IUnknown:Release (This=0x989e50) returned 0x0 [0279.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cdf48) returned 0x0 [0279.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.111] WbemDefPath:IUnknown:AddRef (This=0x9cdf48) returned 0x3 [0279.111] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9ccdc0) returned 0x0 [0279.112] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9ccdc0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.112] WbemDefPath:IUnknown:Release (This=0x9ccdc0) returned 0x3 [0279.112] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.112] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.112] WbemDefPath:IUnknown:Release (This=0x9cdf48) returned 0x2 [0279.112] WbemDefPath:IUnknown:Release (This=0x9cdf48) returned 0x1 [0279.112] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.112] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.112] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cdf48, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cdf48) returned 0x0 [0279.112] WbemDefPath:IUnknown:AddRef (This=0x9cdf48) returned 0x3 [0279.112] WbemDefPath:IUnknown:Release (This=0x9cdf48) returned 0x2 [0279.112] WbemDefPath:IWbemPath:SetText (This=0x9cdf48, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5984\"") returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.112] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.113] IWbemClassObject:Get (in: This=0x9c98a8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80f50*=0, plFlavor=0x2f80f54*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1760, varVal2=0x0), pType=0x2f80f50*=19, plFlavor=0x2f80f54*=0) returned 0x0 [0279.113] IWbemClassObject:Get (in: This=0x9c98a8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f80f50*=19, plFlavor=0x2f80f54*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1760, varVal2=0x0), pType=0x2f80f50*=19, plFlavor=0x2f80f54*=0) returned 0x0 [0279.113] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.113] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.113] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.113] IWbemClassObject:Get (in: This=0x9c98a8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81054*=0, plFlavor=0x2f81058*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x2f81054*=8, plFlavor=0x2f81058*=0) returned 0x0 [0279.113] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0279.113] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0279.113] IWbemClassObject:Get (in: This=0x9c98a8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81054*=8, plFlavor=0x2f81058*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="webdrive.exe", varVal2=0x0), pType=0x2f81054*=8, plFlavor=0x2f81058*=0) returned 0x0 [0279.113] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0279.114] SysStringByteLen (bstr="webdrive.exe") returned 0x18 [0279.114] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.114] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.114] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.114] IWbemClassObject:Get (in: This=0x9c98a8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81198*=0, plFlavor=0x2f8119c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ", varVal2=0x0), pType=0x2f81198*=8, plFlavor=0x2f8119c*=0) returned 0x0 [0279.114] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ") returned 0x72 [0279.114] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ") returned 0x72 [0279.114] IWbemClassObject:Get (in: This=0x9c98a8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81198*=8, plFlavor=0x2f8119c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ", varVal2=0x0), pType=0x2f81198*=8, plFlavor=0x2f8119c*=0) returned 0x0 [0279.114] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ") returned 0x72 [0279.114] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\webdrive.exe\" ") returned 0x72 [0279.114] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0279.114] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9d9178, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.130] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d9178) returned 0x0 [0279.130] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.131] IUnknown:AddRef (This=0x9d9178) returned 0x3 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d917c) returned 0x0 [0279.131] IMarshal:GetUnmarshalClass (in: This=0x9d917c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.131] IUnknown:Release (This=0x9d917c) returned 0x3 [0279.131] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.131] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.131] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.132] IUnknown:Release (This=0x9d9178) returned 0x2 [0279.132] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.132] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.132] IUnknown:QueryInterface (in: This=0x9d9178, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d9178) returned 0x0 [0279.132] IUnknown:AddRef (This=0x9d9178) returned 0x4 [0279.132] IUnknown:Release (This=0x9d9178) returned 0x3 [0279.132] IUnknown:Release (This=0x9d9178) returned 0x2 [0279.132] CoTaskMemFree (pv=0x989c90) [0279.132] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.132] IUnknown:AddRef (This=0x9d9178) returned 0x3 [0279.132] IWbemClassObject:Get (in: This=0x9d9178, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.132] IWbemClassObject:Get (in: This=0x9d9178, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6008\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.133] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6008\"") returned 0x66 [0279.133] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6008\"") returned 0x66 [0279.133] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.133] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.133] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.133] IUnknown:Release (This=0x968724) returned 0x1 [0279.135] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ca0) returned 0x0 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ca0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.135] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ca0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cda08) returned 0x0 [0279.135] WbemDefPath:IUnknown:Release (This=0x989ca0) returned 0x0 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cda08) returned 0x0 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.135] WbemDefPath:IUnknown:AddRef (This=0x9cda08) returned 0x3 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.135] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cd210) returned 0x0 [0279.136] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cd210, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.136] WbemDefPath:IUnknown:Release (This=0x9cd210) returned 0x3 [0279.136] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.136] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.136] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.136] WbemDefPath:IUnknown:Release (This=0x9cda08) returned 0x2 [0279.136] WbemDefPath:IUnknown:Release (This=0x9cda08) returned 0x1 [0279.136] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.136] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.136] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cda08, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cda08) returned 0x0 [0279.136] WbemDefPath:IUnknown:AddRef (This=0x9cda08) returned 0x3 [0279.136] WbemDefPath:IUnknown:Release (This=0x9cda08) returned 0x2 [0279.136] WbemDefPath:IWbemPath:SetText (This=0x9cda08, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6008\"") returned 0x0 [0279.136] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.137] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.137] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.137] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.137] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.137] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.137] IWbemClassObject:Get (in: This=0x9d9178, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81c1c*=0, plFlavor=0x2f81c20*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1778, varVal2=0x0), pType=0x2f81c1c*=19, plFlavor=0x2f81c20*=0) returned 0x0 [0279.137] IWbemClassObject:Get (in: This=0x9d9178, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81c1c*=19, plFlavor=0x2f81c20*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1778, varVal2=0x0), pType=0x2f81c1c*=19, plFlavor=0x2f81c20*=0) returned 0x0 [0279.138] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.138] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.138] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.138] IWbemClassObject:Get (in: This=0x9d9178, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81d20*=0, plFlavor=0x2f81d24*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x2f81d20*=8, plFlavor=0x2f81d24*=0) returned 0x0 [0279.138] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.138] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.138] IWbemClassObject:Get (in: This=0x9d9178, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81d20*=8, plFlavor=0x2f81d24*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="winscp.exe", varVal2=0x0), pType=0x2f81d20*=8, plFlavor=0x2f81d24*=0) returned 0x0 [0279.138] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.138] SysStringByteLen (bstr="winscp.exe") returned 0x14 [0279.138] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.138] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.138] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.138] IWbemClassObject:Get (in: This=0x9d9178, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81e5c*=0, plFlavor=0x2f81e60*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ", varVal2=0x0), pType=0x2f81e5c*=8, plFlavor=0x2f81e60*=0) returned 0x0 [0279.138] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ") returned 0x6e [0279.138] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ") returned 0x6e [0279.138] IWbemClassObject:Get (in: This=0x9d9178, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f81e5c*=8, plFlavor=0x2f81e60*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ", varVal2=0x0), pType=0x2f81e5c*=8, plFlavor=0x2f81e60*=0) returned 0x0 [0279.138] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ") returned 0x6e [0279.139] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Portable Devices\\winscp.exe\" ") returned 0x6e [0279.140] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0279.140] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9d8320, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.141] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8320) returned 0x0 [0279.141] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.141] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.141] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.142] IUnknown:AddRef (This=0x9d8320) returned 0x3 [0279.142] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.142] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.142] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8324) returned 0x0 [0279.142] IMarshal:GetUnmarshalClass (in: This=0x9d8324, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.142] IUnknown:Release (This=0x9d8324) returned 0x3 [0279.142] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.142] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.142] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.142] IUnknown:Release (This=0x9d8320) returned 0x2 [0279.142] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.142] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.142] IUnknown:QueryInterface (in: This=0x9d8320, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8320) returned 0x0 [0279.142] IUnknown:AddRef (This=0x9d8320) returned 0x4 [0279.142] IUnknown:Release (This=0x9d8320) returned 0x3 [0279.142] IUnknown:Release (This=0x9d8320) returned 0x2 [0279.143] CoTaskMemFree (pv=0x989e20) [0279.143] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.143] IUnknown:AddRef (This=0x9d8320) returned 0x3 [0279.143] IWbemClassObject:Get (in: This=0x9d8320, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.143] IWbemClassObject:Get (in: This=0x9d8320, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6020\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.143] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6020\"") returned 0x66 [0279.143] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6020\"") returned 0x66 [0279.143] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.144] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.144] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.144] IUnknown:Release (This=0x968724) returned 0x1 [0279.145] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce488) returned 0x0 [0279.146] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce488) returned 0x0 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IUnknown:AddRef (This=0x9ce488) returned 0x3 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.146] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cb350) returned 0x0 [0279.147] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cb350, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.147] WbemDefPath:IUnknown:Release (This=0x9cb350) returned 0x3 [0279.147] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.147] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.147] WbemDefPath:IUnknown:Release (This=0x9ce488) returned 0x2 [0279.147] WbemDefPath:IUnknown:Release (This=0x9ce488) returned 0x1 [0279.147] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.147] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.147] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce488, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce488) returned 0x0 [0279.147] WbemDefPath:IUnknown:AddRef (This=0x9ce488) returned 0x3 [0279.147] WbemDefPath:IUnknown:Release (This=0x9ce488) returned 0x2 [0279.147] WbemDefPath:IWbemPath:SetText (This=0x9ce488, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6020\"") returned 0x0 [0279.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.147] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.147] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.148] IWbemClassObject:Get (in: This=0x9d8320, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f828dc*=0, plFlavor=0x2f828e0*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1784, varVal2=0x0), pType=0x2f828dc*=19, plFlavor=0x2f828e0*=0) returned 0x0 [0279.148] IWbemClassObject:Get (in: This=0x9d8320, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f828dc*=19, plFlavor=0x2f828e0*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1784, varVal2=0x0), pType=0x2f828dc*=19, plFlavor=0x2f828e0*=0) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.148] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.148] IWbemClassObject:Get (in: This=0x9d8320, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f829e0*=0, plFlavor=0x2f829e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x2f829e0*=8, plFlavor=0x2f829e4*=0) returned 0x0 [0279.148] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0279.148] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0279.149] IWbemClassObject:Get (in: This=0x9d8320, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f829e0*=8, plFlavor=0x2f829e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="active-charge.exe", varVal2=0x0), pType=0x2f829e0*=8, plFlavor=0x2f829e4*=0) returned 0x0 [0279.149] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0279.149] SysStringByteLen (bstr="active-charge.exe") returned 0x22 [0279.149] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.149] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.149] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.149] IWbemClassObject:Get (in: This=0x9d8320, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f82b34*=0, plFlavor=0x2f82b38*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ", varVal2=0x0), pType=0x2f82b34*=8, plFlavor=0x2f82b38*=0) returned 0x0 [0279.149] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ") returned 0x6c [0279.149] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ") returned 0x6c [0279.149] IWbemClassObject:Get (in: This=0x9d8320, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f82b34*=8, plFlavor=0x2f82b38*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ", varVal2=0x0), pType=0x2f82b34*=8, plFlavor=0x2f82b38*=0) returned 0x0 [0279.149] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ") returned 0x6c [0279.149] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Security\\active-charge.exe\" ") returned 0x6c [0279.149] CoTaskMemAlloc (cb=0x4) returned 0x989cb0 [0279.150] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989cb0, puReturned=0x2f500f0 | out: apObjects=0x989cb0*=0x9d84b8, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d84b8) returned 0x0 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.151] IUnknown:AddRef (This=0x9d84b8) returned 0x3 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.151] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d84bc) returned 0x0 [0279.152] IMarshal:GetUnmarshalClass (in: This=0x9d84bc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.152] IUnknown:Release (This=0x9d84bc) returned 0x3 [0279.152] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.152] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.153] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.153] IUnknown:Release (This=0x9d84b8) returned 0x2 [0279.153] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.153] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.153] IUnknown:QueryInterface (in: This=0x9d84b8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d84b8) returned 0x0 [0279.153] IUnknown:AddRef (This=0x9d84b8) returned 0x4 [0279.153] IUnknown:Release (This=0x9d84b8) returned 0x3 [0279.153] IUnknown:Release (This=0x9d84b8) returned 0x2 [0279.153] CoTaskMemFree (pv=0x989cb0) [0279.153] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.153] IUnknown:AddRef (This=0x9d84b8) returned 0x3 [0279.153] IWbemClassObject:Get (in: This=0x9d84b8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.154] IWbemClassObject:Get (in: This=0x9d84b8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6036\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.154] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6036\"") returned 0x66 [0279.154] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6036\"") returned 0x66 [0279.154] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.154] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.154] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.154] IUnknown:Release (This=0x968724) returned 0x1 [0279.156] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989c90) returned 0x0 [0279.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x989c90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.156] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989c90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9cd928) returned 0x0 [0279.156] WbemDefPath:IUnknown:Release (This=0x989c90) returned 0x0 [0279.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9cd928) returned 0x0 [0279.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.156] WbemDefPath:IUnknown:AddRef (This=0x9cd928) returned 0x3 [0279.156] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.157] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.157] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cb320) returned 0x0 [0279.157] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cb320, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.157] WbemDefPath:IUnknown:Release (This=0x9cb320) returned 0x3 [0279.157] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.157] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.157] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.157] WbemDefPath:IUnknown:Release (This=0x9cd928) returned 0x2 [0279.157] WbemDefPath:IUnknown:Release (This=0x9cd928) returned 0x1 [0279.157] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.157] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.157] WbemDefPath:IUnknown:QueryInterface (in: This=0x9cd928, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9cd928) returned 0x0 [0279.157] WbemDefPath:IUnknown:AddRef (This=0x9cd928) returned 0x3 [0279.157] WbemDefPath:IUnknown:Release (This=0x9cd928) returned 0x2 [0279.157] WbemDefPath:IWbemPath:SetText (This=0x9cd928, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6036\"") returned 0x0 [0279.157] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.157] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.157] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.157] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.158] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.158] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.158] IWbemClassObject:Get (in: This=0x9d84b8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f835b4*=0, plFlavor=0x2f835b8*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1794, varVal2=0x0), pType=0x2f835b4*=19, plFlavor=0x2f835b8*=0) returned 0x0 [0279.158] IWbemClassObject:Get (in: This=0x9d84b8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f835b4*=19, plFlavor=0x2f835b8*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1794, varVal2=0x0), pType=0x2f835b4*=19, plFlavor=0x2f835b8*=0) returned 0x0 [0279.158] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.158] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.158] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.158] IWbemClassObject:Get (in: This=0x9d84b8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f836b8*=0, plFlavor=0x2f836bc*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x2f836b8*=8, plFlavor=0x2f836bc*=0) returned 0x0 [0279.159] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0279.159] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0279.159] IWbemClassObject:Get (in: This=0x9d84b8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f836b8*=8, plFlavor=0x2f836bc*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="accupos.exe", varVal2=0x0), pType=0x2f836b8*=8, plFlavor=0x2f836bc*=0) returned 0x0 [0279.159] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0279.159] SysStringByteLen (bstr="accupos.exe") returned 0x16 [0279.159] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.159] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.159] IWbemClassObject:Get (in: This=0x9d84b8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f837f4*=0, plFlavor=0x2f837f8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ", varVal2=0x0), pType=0x2f837f4*=8, plFlavor=0x2f837f8*=0) returned 0x0 [0279.159] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ") returned 0x54 [0279.159] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ") returned 0x54 [0279.159] IWbemClassObject:Get (in: This=0x9d84b8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f837f4*=8, plFlavor=0x2f837f8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ", varVal2=0x0), pType=0x2f837f4*=8, plFlavor=0x2f837f8*=0) returned 0x0 [0279.159] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ") returned 0x54 [0279.159] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Java\\accupos.exe\" ") returned 0x54 [0279.159] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.159] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d8e48, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8e48) returned 0x0 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.161] IUnknown:AddRef (This=0x9d8e48) returned 0x3 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.161] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8e4c) returned 0x0 [0279.162] IMarshal:GetUnmarshalClass (in: This=0x9d8e4c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.162] IUnknown:Release (This=0x9d8e4c) returned 0x3 [0279.162] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.162] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.162] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.162] IUnknown:Release (This=0x9d8e48) returned 0x2 [0279.162] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.162] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.162] IUnknown:QueryInterface (in: This=0x9d8e48, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8e48) returned 0x0 [0279.162] IUnknown:AddRef (This=0x9d8e48) returned 0x4 [0279.162] IUnknown:Release (This=0x9d8e48) returned 0x3 [0279.162] IUnknown:Release (This=0x9d8e48) returned 0x2 [0279.162] CoTaskMemFree (pv=0x989d90) [0279.162] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.162] IUnknown:AddRef (This=0x9d8e48) returned 0x3 [0279.162] IWbemClassObject:Get (in: This=0x9d8e48, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.163] IWbemClassObject:Get (in: This=0x9d8e48, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6048\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.163] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6048\"") returned 0x66 [0279.163] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6048\"") returned 0x66 [0279.163] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.163] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.163] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.163] IUnknown:Release (This=0x968724) returned 0x1 [0279.165] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e70) returned 0x0 [0279.165] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e70, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.165] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e70, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce728) returned 0x0 [0279.165] WbemDefPath:IUnknown:Release (This=0x989e70) returned 0x0 [0279.165] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce728) returned 0x0 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.166] WbemDefPath:IUnknown:AddRef (This=0x9ce728) returned 0x3 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9cb668) returned 0x0 [0279.166] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9cb668, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.166] WbemDefPath:IUnknown:Release (This=0x9cb668) returned 0x3 [0279.166] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.166] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.166] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.166] WbemDefPath:IUnknown:Release (This=0x9ce728) returned 0x2 [0279.166] WbemDefPath:IUnknown:Release (This=0x9ce728) returned 0x1 [0279.167] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.167] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.167] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce728, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce728) returned 0x0 [0279.167] WbemDefPath:IUnknown:AddRef (This=0x9ce728) returned 0x3 [0279.167] WbemDefPath:IUnknown:Release (This=0x9ce728) returned 0x2 [0279.167] WbemDefPath:IWbemPath:SetText (This=0x9ce728, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6048\"") returned 0x0 [0279.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.167] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.178] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.178] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.178] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.178] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.178] IWbemClassObject:Get (in: This=0x9d8e48, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8422c*=0, plFlavor=0x2f84230*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17a0, varVal2=0x0), pType=0x2f8422c*=19, plFlavor=0x2f84230*=0) returned 0x0 [0279.179] IWbemClassObject:Get (in: This=0x9d8e48, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8422c*=19, plFlavor=0x2f84230*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17a0, varVal2=0x0), pType=0x2f8422c*=19, plFlavor=0x2f84230*=0) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.179] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.179] IWbemClassObject:Get (in: This=0x9d8e48, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f84330*=0, plFlavor=0x2f84334*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x2f84330*=8, plFlavor=0x2f84334*=0) returned 0x0 [0279.179] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0279.179] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0279.179] IWbemClassObject:Get (in: This=0x9d8e48, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f84330*=8, plFlavor=0x2f84334*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="aldelo.exe", varVal2=0x0), pType=0x2f84330*=8, plFlavor=0x2f84334*=0) returned 0x0 [0279.179] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0279.179] SysStringByteLen (bstr="aldelo.exe") returned 0x14 [0279.180] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.180] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.180] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.180] IWbemClassObject:Get (in: This=0x9d8e48, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8446c*=0, plFlavor=0x2f84470*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ", varVal2=0x0), pType=0x2f8446c*=8, plFlavor=0x2f84470*=0) returned 0x0 [0279.180] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ") returned 0x80 [0279.180] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ") returned 0x80 [0279.180] IWbemClassObject:Get (in: This=0x9d8e48, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8446c*=8, plFlavor=0x2f84470*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ", varVal2=0x0), pType=0x2f8446c*=8, plFlavor=0x2f84470*=0) returned 0x0 [0279.180] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ") returned 0x80 [0279.180] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Multimedia Platform\\aldelo.exe\" ") returned 0x80 [0279.180] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.180] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d8650, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.181] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8650) returned 0x0 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.182] IUnknown:AddRef (This=0x9d8650) returned 0x3 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.182] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8654) returned 0x0 [0279.182] IMarshal:GetUnmarshalClass (in: This=0x9d8654, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.182] IUnknown:Release (This=0x9d8654) returned 0x3 [0279.182] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.183] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.183] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.183] IUnknown:Release (This=0x9d8650) returned 0x2 [0279.183] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.183] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.183] IUnknown:QueryInterface (in: This=0x9d8650, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8650) returned 0x0 [0279.183] IUnknown:AddRef (This=0x9d8650) returned 0x4 [0279.183] IUnknown:Release (This=0x9d8650) returned 0x3 [0279.183] IUnknown:Release (This=0x9d8650) returned 0x2 [0279.184] CoTaskMemFree (pv=0x989d90) [0279.184] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.184] IUnknown:AddRef (This=0x9d8650) returned 0x3 [0279.184] IWbemClassObject:Get (in: This=0x9d8650, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.184] IWbemClassObject:Get (in: This=0x9d8650, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6056\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.184] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6056\"") returned 0x66 [0279.184] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6056\"") returned 0x66 [0279.184] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.185] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.185] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.185] IUnknown:Release (This=0x968724) returned 0x1 [0279.186] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0279.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.187] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9ce648) returned 0x0 [0279.187] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0279.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9ce648) returned 0x0 [0279.187] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.188] WbemDefPath:IUnknown:AddRef (This=0x9ce648) returned 0x3 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dacc8) returned 0x0 [0279.188] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dacc8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.188] WbemDefPath:IUnknown:Release (This=0x9dacc8) returned 0x3 [0279.188] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.188] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.188] WbemDefPath:IUnknown:Release (This=0x9ce648) returned 0x2 [0279.188] WbemDefPath:IUnknown:Release (This=0x9ce648) returned 0x1 [0279.188] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.188] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.188] WbemDefPath:IUnknown:QueryInterface (in: This=0x9ce648, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9ce648) returned 0x0 [0279.188] WbemDefPath:IUnknown:AddRef (This=0x9ce648) returned 0x3 [0279.188] WbemDefPath:IUnknown:Release (This=0x9ce648) returned 0x2 [0279.189] WbemDefPath:IWbemPath:SetText (This=0x9ce648, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6056\"") returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.189] IWbemClassObject:Get (in: This=0x9d8650, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85124*=0, plFlavor=0x2f85128*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17a8, varVal2=0x0), pType=0x2f85124*=19, plFlavor=0x2f85128*=0) returned 0x0 [0279.189] IWbemClassObject:Get (in: This=0x9d8650, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85124*=19, plFlavor=0x2f85128*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17a8, varVal2=0x0), pType=0x2f85124*=19, plFlavor=0x2f85128*=0) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.189] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.190] IWbemClassObject:Get (in: This=0x9d8650, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85228*=0, plFlavor=0x2f8522c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x2f85228*=8, plFlavor=0x2f8522c*=0) returned 0x0 [0279.190] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0279.190] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0279.190] IWbemClassObject:Get (in: This=0x9d8650, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85228*=8, plFlavor=0x2f8522c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="afr38.exe", varVal2=0x0), pType=0x2f85228*=8, plFlavor=0x2f8522c*=0) returned 0x0 [0279.190] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0279.190] SysStringByteLen (bstr="afr38.exe") returned 0x12 [0279.190] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.190] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.190] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.190] IWbemClassObject:Get (in: This=0x9d8650, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8535c*=0, plFlavor=0x2f85360*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ", varVal2=0x0), pType=0x2f8535c*=8, plFlavor=0x2f85360*=0) returned 0x0 [0279.190] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ") returned 0x54 [0279.190] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ") returned 0x54 [0279.190] IWbemClassObject:Get (in: This=0x9d8650, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8535c*=8, plFlavor=0x2f85360*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ", varVal2=0x0), pType=0x2f8535c*=8, plFlavor=0x2f85360*=0) returned 0x0 [0279.190] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ") returned 0x54 [0279.190] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Mail\\afr38.exe\" ") returned 0x54 [0279.190] CoTaskMemAlloc (cb=0x4) returned 0x989e70 [0279.190] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e70, puReturned=0x2f500f0 | out: apObjects=0x989e70*=0x9d9310, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d9310) returned 0x0 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.192] IUnknown:AddRef (This=0x9d9310) returned 0x3 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.192] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d9314) returned 0x0 [0279.192] IMarshal:GetUnmarshalClass (in: This=0x9d9314, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.192] IUnknown:Release (This=0x9d9314) returned 0x3 [0279.192] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.193] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.193] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.193] IUnknown:Release (This=0x9d9310) returned 0x2 [0279.193] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.193] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.193] IUnknown:QueryInterface (in: This=0x9d9310, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d9310) returned 0x0 [0279.193] IUnknown:AddRef (This=0x9d9310) returned 0x4 [0279.193] IUnknown:Release (This=0x9d9310) returned 0x3 [0279.193] IUnknown:Release (This=0x9d9310) returned 0x2 [0279.193] CoTaskMemFree (pv=0x989e70) [0279.193] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.193] IUnknown:AddRef (This=0x9d9310) returned 0x3 [0279.193] IWbemClassObject:Get (in: This=0x9d9310, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.194] IWbemClassObject:Get (in: This=0x9d9310, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6068\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.194] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6068\"") returned 0x66 [0279.194] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6068\"") returned 0x66 [0279.194] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.194] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.194] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.194] IUnknown:Release (This=0x968724) returned 0x1 [0279.196] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.197] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd220) returned 0x0 [0279.197] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd220) returned 0x0 [0279.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.197] WbemDefPath:IUnknown:AddRef (This=0x9dd220) returned 0x3 [0279.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9daab8) returned 0x0 [0279.198] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9daab8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.198] WbemDefPath:IUnknown:Release (This=0x9daab8) returned 0x3 [0279.198] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.198] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.198] WbemDefPath:IUnknown:Release (This=0x9dd220) returned 0x2 [0279.198] WbemDefPath:IUnknown:Release (This=0x9dd220) returned 0x1 [0279.198] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.198] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.198] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd220, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd220) returned 0x0 [0279.198] WbemDefPath:IUnknown:AddRef (This=0x9dd220) returned 0x3 [0279.198] WbemDefPath:IUnknown:Release (This=0x9dd220) returned 0x2 [0279.198] WbemDefPath:IWbemPath:SetText (This=0x9dd220, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6068\"") returned 0x0 [0279.198] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.199] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.217] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.217] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.217] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.217] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.217] IWbemClassObject:Get (in: This=0x9d9310, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85d84*=0, plFlavor=0x2f85d88*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17b4, varVal2=0x0), pType=0x2f85d84*=19, plFlavor=0x2f85d88*=0) returned 0x0 [0279.217] IWbemClassObject:Get (in: This=0x9d9310, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85d84*=19, plFlavor=0x2f85d88*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17b4, varVal2=0x0), pType=0x2f85d84*=19, plFlavor=0x2f85d88*=0) returned 0x0 [0279.218] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.218] IWbemClassObject:Get (in: This=0x9d9310, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85e88*=0, plFlavor=0x2f85e8c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x2f85e88*=8, plFlavor=0x2f85e8c*=0) returned 0x0 [0279.218] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0279.218] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0279.218] IWbemClassObject:Get (in: This=0x9d9310, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85e88*=8, plFlavor=0x2f85e8c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ccv_server.exe", varVal2=0x0), pType=0x2f85e88*=8, plFlavor=0x2f85e8c*=0) returned 0x0 [0279.218] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0279.218] SysStringByteLen (bstr="ccv_server.exe") returned 0x1c [0279.218] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.218] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.218] IWbemClassObject:Get (in: This=0x9d9310, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85fd4*=0, plFlavor=0x2f85fd8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ", varVal2=0x0), pType=0x2f85fd4*=8, plFlavor=0x2f85fd8*=0) returned 0x0 [0279.218] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ") returned 0x68 [0279.219] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ") returned 0x68 [0279.219] IWbemClassObject:Get (in: This=0x9d9310, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f85fd4*=8, plFlavor=0x2f85fd8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ", varVal2=0x0), pType=0x2f85fd4*=8, plFlavor=0x2f85fd8*=0) returned 0x0 [0279.219] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ") returned 0x68 [0279.219] SysStringByteLen (bstr="\"C:\\Program Files\\Internet Explorer\\ccv_server.exe\" ") returned 0x68 [0279.219] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0279.219] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9d97d8, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.220] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d97d8) returned 0x0 [0279.220] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.220] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.221] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.221] IUnknown:AddRef (This=0x9d97d8) returned 0x3 [0279.221] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.221] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.221] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d97dc) returned 0x0 [0279.221] IMarshal:GetUnmarshalClass (in: This=0x9d97dc, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.221] IUnknown:Release (This=0x9d97dc) returned 0x3 [0279.221] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.221] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.221] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.221] IUnknown:Release (This=0x9d97d8) returned 0x2 [0279.222] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.222] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.222] IUnknown:QueryInterface (in: This=0x9d97d8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d97d8) returned 0x0 [0279.222] IUnknown:AddRef (This=0x9d97d8) returned 0x4 [0279.222] IUnknown:Release (This=0x9d97d8) returned 0x3 [0279.222] IUnknown:Release (This=0x9d97d8) returned 0x2 [0279.222] CoTaskMemFree (pv=0x989d20) [0279.222] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.222] IUnknown:AddRef (This=0x9d97d8) returned 0x3 [0279.222] IWbemClassObject:Get (in: This=0x9d97d8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.222] IWbemClassObject:Get (in: This=0x9d97d8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6076\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.222] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6076\"") returned 0x66 [0279.223] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6076\"") returned 0x66 [0279.223] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.223] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.223] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.223] IUnknown:Release (This=0x968724) returned 0x1 [0279.224] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989dd0) returned 0x0 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x989dd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.225] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989dd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dcb20) returned 0x0 [0279.225] WbemDefPath:IUnknown:Release (This=0x989dd0) returned 0x0 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dcb20) returned 0x0 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.225] WbemDefPath:IUnknown:AddRef (This=0x9dcb20) returned 0x3 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.225] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9daf80) returned 0x0 [0279.225] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9daf80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.226] WbemDefPath:IUnknown:Release (This=0x9daf80) returned 0x3 [0279.226] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.226] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.226] WbemDefPath:IUnknown:Release (This=0x9dcb20) returned 0x2 [0279.226] WbemDefPath:IUnknown:Release (This=0x9dcb20) returned 0x1 [0279.226] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.226] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.226] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb20, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dcb20) returned 0x0 [0279.226] WbemDefPath:IUnknown:AddRef (This=0x9dcb20) returned 0x3 [0279.226] WbemDefPath:IUnknown:Release (This=0x9dcb20) returned 0x2 [0279.226] WbemDefPath:IWbemPath:SetText (This=0x9dcb20, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6076\"") returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.226] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.226] IWbemClassObject:Get (in: This=0x9d97d8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86a4c*=0, plFlavor=0x2f86a50*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17bc, varVal2=0x0), pType=0x2f86a4c*=19, plFlavor=0x2f86a50*=0) returned 0x0 [0279.227] IWbemClassObject:Get (in: This=0x9d97d8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86a4c*=19, plFlavor=0x2f86a50*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17bc, varVal2=0x0), pType=0x2f86a4c*=19, plFlavor=0x2f86a50*=0) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.227] IWbemClassObject:Get (in: This=0x9d97d8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86b50*=0, plFlavor=0x2f86b54*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x2f86b50*=8, plFlavor=0x2f86b54*=0) returned 0x0 [0279.227] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0279.227] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0279.227] IWbemClassObject:Get (in: This=0x9d97d8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86b50*=8, plFlavor=0x2f86b54*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="centralcreditcard.exe", varVal2=0x0), pType=0x2f86b50*=8, plFlavor=0x2f86b54*=0) returned 0x0 [0279.227] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0279.227] SysStringByteLen (bstr="centralcreditcard.exe") returned 0x2a [0279.227] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.227] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.228] IWbemClassObject:Get (in: This=0x9d97d8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86cb4*=0, plFlavor=0x2f86cb8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ", varVal2=0x0), pType=0x2f86cb4*=8, plFlavor=0x2f86cb8*=0) returned 0x0 [0279.228] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ") returned 0x7e [0279.228] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ") returned 0x7e [0279.228] IWbemClassObject:Get (in: This=0x9d97d8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f86cb4*=8, plFlavor=0x2f86cb8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ", varVal2=0x0), pType=0x2f86cb4*=8, plFlavor=0x2f86cb8*=0) returned 0x0 [0279.228] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ") returned 0x7e [0279.228] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows Sidebar\\centralcreditcard.exe\" ") returned 0x7e [0279.228] CoTaskMemAlloc (cb=0x4) returned 0x989d30 [0279.228] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d30, puReturned=0x2f500f0 | out: apObjects=0x989d30*=0x9d87e8, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.231] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d87e8) returned 0x0 [0279.231] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.231] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.231] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.232] IUnknown:AddRef (This=0x9d87e8) returned 0x3 [0279.232] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.232] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.232] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d87ec) returned 0x0 [0279.232] IMarshal:GetUnmarshalClass (in: This=0x9d87ec, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.232] IUnknown:Release (This=0x9d87ec) returned 0x3 [0279.232] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.232] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.232] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.232] IUnknown:Release (This=0x9d87e8) returned 0x2 [0279.232] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.232] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.232] IUnknown:QueryInterface (in: This=0x9d87e8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d87e8) returned 0x0 [0279.232] IUnknown:AddRef (This=0x9d87e8) returned 0x4 [0279.232] IUnknown:Release (This=0x9d87e8) returned 0x3 [0279.232] IUnknown:Release (This=0x9d87e8) returned 0x2 [0279.232] CoTaskMemFree (pv=0x989d30) [0279.232] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.233] IUnknown:AddRef (This=0x9d87e8) returned 0x3 [0279.233] IWbemClassObject:Get (in: This=0x9d87e8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.233] IWbemClassObject:Get (in: This=0x9d87e8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6084\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.233] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6084\"") returned 0x66 [0279.233] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6084\"") returned 0x66 [0279.233] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.234] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.234] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.234] IUnknown:Release (This=0x968724) returned 0x1 [0279.235] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e50) returned 0x0 [0279.235] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e50, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.236] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e50, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dcf80) returned 0x0 [0279.236] WbemDefPath:IUnknown:Release (This=0x989e50) returned 0x0 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dcf80) returned 0x0 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.236] WbemDefPath:IUnknown:AddRef (This=0x9dcf80) returned 0x3 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.236] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9daf20) returned 0x0 [0279.236] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9daf20, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.236] WbemDefPath:IUnknown:Release (This=0x9daf20) returned 0x3 [0279.236] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.237] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.237] WbemDefPath:IUnknown:Release (This=0x9dcf80) returned 0x2 [0279.237] WbemDefPath:IUnknown:Release (This=0x9dcf80) returned 0x1 [0279.237] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.237] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.237] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcf80, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dcf80) returned 0x0 [0279.237] WbemDefPath:IUnknown:AddRef (This=0x9dcf80) returned 0x3 [0279.237] WbemDefPath:IUnknown:Release (This=0x9dcf80) returned 0x2 [0279.237] WbemDefPath:IWbemPath:SetText (This=0x9dcf80, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6084\"") returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.237] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.237] IWbemClassObject:Get (in: This=0x9d87e8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8776c*=0, plFlavor=0x2f87770*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17c4, varVal2=0x0), pType=0x2f8776c*=19, plFlavor=0x2f87770*=0) returned 0x0 [0279.238] IWbemClassObject:Get (in: This=0x9d87e8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8776c*=19, plFlavor=0x2f87770*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17c4, varVal2=0x0), pType=0x2f8776c*=19, plFlavor=0x2f87770*=0) returned 0x0 [0279.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.238] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.238] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.238] IWbemClassObject:Get (in: This=0x9d87e8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f87870*=0, plFlavor=0x2f87874*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x2f87870*=8, plFlavor=0x2f87874*=0) returned 0x0 [0279.238] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0279.238] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0279.238] IWbemClassObject:Get (in: This=0x9d87e8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f87870*=8, plFlavor=0x2f87874*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="creditservice.exe", varVal2=0x0), pType=0x2f87870*=8, plFlavor=0x2f87874*=0) returned 0x0 [0279.238] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0279.238] SysStringByteLen (bstr="creditservice.exe") returned 0x22 [0279.238] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.238] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.239] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.239] IWbemClassObject:Get (in: This=0x9d87e8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f879c4*=0, plFlavor=0x2f879c8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ", varVal2=0x0), pType=0x2f879c4*=8, plFlavor=0x2f879c8*=0) returned 0x0 [0279.239] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ") returned 0x6a [0279.239] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ") returned 0x6a [0279.239] IWbemClassObject:Get (in: This=0x9d87e8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f879c4*=8, plFlavor=0x2f879c8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ", varVal2=0x0), pType=0x2f879c4*=8, plFlavor=0x2f879c8*=0) returned 0x0 [0279.239] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ") returned 0x6a [0279.239] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft\\creditservice.exe\" ") returned 0x6a [0279.239] CoTaskMemAlloc (cb=0x4) returned 0x989e30 [0279.239] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e30, puReturned=0x2f500f0 | out: apObjects=0x989e30*=0x9d8fe0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.240] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8fe0) returned 0x0 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.241] IUnknown:AddRef (This=0x9d8fe0) returned 0x3 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8fe4) returned 0x0 [0279.241] IMarshal:GetUnmarshalClass (in: This=0x9d8fe4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.241] IUnknown:Release (This=0x9d8fe4) returned 0x3 [0279.241] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.241] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.241] IUnknown:Release (This=0x9d8fe0) returned 0x2 [0279.241] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.241] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.241] IUnknown:QueryInterface (in: This=0x9d8fe0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8fe0) returned 0x0 [0279.242] IUnknown:AddRef (This=0x9d8fe0) returned 0x4 [0279.242] IUnknown:Release (This=0x9d8fe0) returned 0x3 [0279.242] IUnknown:Release (This=0x9d8fe0) returned 0x2 [0279.242] CoTaskMemFree (pv=0x989e30) [0279.242] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.242] IUnknown:AddRef (This=0x9d8fe0) returned 0x3 [0279.242] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.242] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6104\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.242] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6104\"") returned 0x66 [0279.242] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6104\"") returned 0x66 [0279.243] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.243] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.243] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.243] IUnknown:Release (This=0x968724) returned 0x1 [0279.245] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.245] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd530) returned 0x0 [0279.245] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd530) returned 0x0 [0279.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.245] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.248] WbemDefPath:IUnknown:AddRef (This=0x9dd530) returned 0x3 [0279.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db2e0) returned 0x0 [0279.248] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db2e0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.248] WbemDefPath:IUnknown:Release (This=0x9db2e0) returned 0x3 [0279.248] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.248] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.248] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.249] WbemDefPath:IUnknown:Release (This=0x9dd530) returned 0x2 [0279.249] WbemDefPath:IUnknown:Release (This=0x9dd530) returned 0x1 [0279.249] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.249] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.249] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd530, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd530) returned 0x0 [0279.249] WbemDefPath:IUnknown:AddRef (This=0x9dd530) returned 0x3 [0279.249] WbemDefPath:IUnknown:Release (This=0x9dd530) returned 0x2 [0279.249] WbemDefPath:IWbemPath:SetText (This=0x9dd530, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6104\"") returned 0x0 [0279.249] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.249] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.249] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.250] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88444*=0, plFlavor=0x2f88448*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17d8, varVal2=0x0), pType=0x2f88444*=19, plFlavor=0x2f88448*=0) returned 0x0 [0279.250] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88444*=19, plFlavor=0x2f88448*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17d8, varVal2=0x0), pType=0x2f88444*=19, plFlavor=0x2f88448*=0) returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.250] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.250] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88548*=0, plFlavor=0x2f8854c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x2f88548*=8, plFlavor=0x2f8854c*=0) returned 0x0 [0279.250] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0279.251] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0279.251] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88548*=8, plFlavor=0x2f8854c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="edcsvr.exe", varVal2=0x0), pType=0x2f88548*=8, plFlavor=0x2f8854c*=0) returned 0x0 [0279.251] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0279.251] SysStringByteLen (bstr="edcsvr.exe") returned 0x14 [0279.251] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.251] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.251] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.251] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88684*=0, plFlavor=0x2f88688*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ", varVal2=0x0), pType=0x2f88684*=8, plFlavor=0x2f88688*=0) returned 0x0 [0279.251] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ") returned 0x5e [0279.251] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ") returned 0x5e [0279.251] IWbemClassObject:Get (in: This=0x9d8fe0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f88684*=8, plFlavor=0x2f88688*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ", varVal2=0x0), pType=0x2f88684*=8, plFlavor=0x2f88688*=0) returned 0x0 [0279.251] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ") returned 0x5e [0279.251] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Windows NT\\edcsvr.exe\" ") returned 0x5e [0279.251] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0279.251] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9d8980, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8980) returned 0x0 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.253] IUnknown:AddRef (This=0x9d8980) returned 0x3 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.253] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8984) returned 0x0 [0279.253] IMarshal:GetUnmarshalClass (in: This=0x9d8984, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.253] IUnknown:Release (This=0x9d8984) returned 0x3 [0279.254] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.254] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.254] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.254] IUnknown:Release (This=0x9d8980) returned 0x2 [0279.254] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.254] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.254] IUnknown:QueryInterface (in: This=0x9d8980, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8980) returned 0x0 [0279.254] IUnknown:AddRef (This=0x9d8980) returned 0x4 [0279.254] IUnknown:Release (This=0x9d8980) returned 0x3 [0279.254] IUnknown:Release (This=0x9d8980) returned 0x2 [0279.254] CoTaskMemFree (pv=0x989d20) [0279.254] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.254] IUnknown:AddRef (This=0x9d8980) returned 0x3 [0279.254] IWbemClassObject:Get (in: This=0x9d8980, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.255] IWbemClassObject:Get (in: This=0x9d8980, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6116\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.255] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6116\"") returned 0x66 [0279.255] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6116\"") returned 0x66 [0279.255] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.255] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.255] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.255] IUnknown:Release (This=0x968724) returned 0x1 [0279.257] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cf0) returned 0x0 [0279.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cf0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.257] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cf0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd5a0) returned 0x0 [0279.257] WbemDefPath:IUnknown:Release (This=0x989cf0) returned 0x0 [0279.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd5a0) returned 0x0 [0279.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.257] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.258] WbemDefPath:IUnknown:AddRef (This=0x9dd5a0) returned 0x3 [0279.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db2f8) returned 0x0 [0279.258] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db2f8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.258] WbemDefPath:IUnknown:Release (This=0x9db2f8) returned 0x3 [0279.258] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.258] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.258] WbemDefPath:IUnknown:Release (This=0x9dd5a0) returned 0x2 [0279.258] WbemDefPath:IUnknown:Release (This=0x9dd5a0) returned 0x1 [0279.258] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.258] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.258] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd5a0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd5a0) returned 0x0 [0279.258] WbemDefPath:IUnknown:AddRef (This=0x9dd5a0) returned 0x3 [0279.258] WbemDefPath:IUnknown:Release (This=0x9dd5a0) returned 0x2 [0279.258] WbemDefPath:IWbemPath:SetText (This=0x9dd5a0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6116\"") returned 0x0 [0279.258] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.258] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.258] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.259] IWbemClassObject:Get (in: This=0x9d8980, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f890c8*=0, plFlavor=0x2f890cc*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17e4, varVal2=0x0), pType=0x2f890c8*=19, plFlavor=0x2f890cc*=0) returned 0x0 [0279.259] IWbemClassObject:Get (in: This=0x9d8980, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f890c8*=19, plFlavor=0x2f890cc*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17e4, varVal2=0x0), pType=0x2f890c8*=19, plFlavor=0x2f890cc*=0) returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.259] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.259] IWbemClassObject:Get (in: This=0x9d8980, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f891cc*=0, plFlavor=0x2f891d0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x2f891cc*=8, plFlavor=0x2f891d0*=0) returned 0x0 [0279.259] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0279.259] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0279.260] IWbemClassObject:Get (in: This=0x9d8980, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f891cc*=8, plFlavor=0x2f891d0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="mxslipstream.exe", varVal2=0x0), pType=0x2f891cc*=8, plFlavor=0x2f891d0*=0) returned 0x0 [0279.260] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0279.260] SysStringByteLen (bstr="mxslipstream.exe") returned 0x20 [0279.260] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.260] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.260] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.260] IWbemClassObject:Get (in: This=0x9d8980, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89320*=0, plFlavor=0x2f89324*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\mxslipstream.exe\" ", varVal2=0x0), pType=0x2f89320*=8, plFlavor=0x2f89324*=0) returned 0x0 [0279.260] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\mxslipstream.exe\" ") returned 0x52 [0279.260] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\mxslipstream.exe\" ") returned 0x52 [0279.260] IWbemClassObject:Get (in: This=0x9d8980, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89320*=8, plFlavor=0x2f89324*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Java\\mxslipstream.exe\" ", varVal2=0x0), pType=0x2f89320*=8, plFlavor=0x2f89324*=0) returned 0x0 [0279.260] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\mxslipstream.exe\" ") returned 0x52 [0279.260] SysStringByteLen (bstr="\"C:\\Program Files\\Java\\mxslipstream.exe\" ") returned 0x52 [0279.260] CoTaskMemAlloc (cb=0x4) returned 0x989dd0 [0279.260] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989dd0, puReturned=0x2f500f0 | out: apObjects=0x989dd0*=0x9d8cb0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.262] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8cb0) returned 0x0 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.263] IUnknown:AddRef (This=0x9d8cb0) returned 0x3 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.263] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8cb4) returned 0x0 [0279.263] IMarshal:GetUnmarshalClass (in: This=0x9d8cb4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.263] IUnknown:Release (This=0x9d8cb4) returned 0x3 [0279.263] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.264] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.264] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.264] IUnknown:Release (This=0x9d8cb0) returned 0x2 [0279.264] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.264] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.264] IUnknown:QueryInterface (in: This=0x9d8cb0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8cb0) returned 0x0 [0279.264] IUnknown:AddRef (This=0x9d8cb0) returned 0x4 [0279.264] IUnknown:Release (This=0x9d8cb0) returned 0x3 [0279.264] IUnknown:Release (This=0x9d8cb0) returned 0x2 [0279.264] CoTaskMemFree (pv=0x989dd0) [0279.264] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.264] IUnknown:AddRef (This=0x9d8cb0) returned 0x3 [0279.264] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.265] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6128\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.265] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6128\"") returned 0x66 [0279.265] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6128\"") returned 0x66 [0279.265] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.265] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.265] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.265] IUnknown:Release (This=0x968724) returned 0x1 [0279.267] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0279.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.267] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd450) returned 0x0 [0279.267] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0279.267] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd450) returned 0x0 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.268] WbemDefPath:IUnknown:AddRef (This=0x9dd450) returned 0x3 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db4a8) returned 0x0 [0279.268] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db4a8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.268] WbemDefPath:IUnknown:Release (This=0x9db4a8) returned 0x3 [0279.268] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.268] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.268] WbemDefPath:IUnknown:Release (This=0x9dd450) returned 0x2 [0279.268] WbemDefPath:IUnknown:Release (This=0x9dd450) returned 0x1 [0279.268] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.268] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.268] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd450, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd450) returned 0x0 [0279.269] WbemDefPath:IUnknown:AddRef (This=0x9dd450) returned 0x3 [0279.269] WbemDefPath:IUnknown:Release (This=0x9dd450) returned 0x2 [0279.269] WbemDefPath:IWbemPath:SetText (This=0x9dd450, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6128\"") returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.269] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89d4c*=0, plFlavor=0x2f89d50*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17f0, varVal2=0x0), pType=0x2f89d4c*=19, plFlavor=0x2f89d50*=0) returned 0x0 [0279.269] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89d4c*=19, plFlavor=0x2f89d50*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17f0, varVal2=0x0), pType=0x2f89d4c*=19, plFlavor=0x2f89d50*=0) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.269] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.270] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89e50*=0, plFlavor=0x2f89e54*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x2f89e50*=8, plFlavor=0x2f89e54*=0) returned 0x0 [0279.270] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0279.270] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0279.270] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89e50*=8, plFlavor=0x2f89e54*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="fpos.exe", varVal2=0x0), pType=0x2f89e50*=8, plFlavor=0x2f89e54*=0) returned 0x0 [0279.270] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0279.270] SysStringByteLen (bstr="fpos.exe") returned 0x10 [0279.270] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.270] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.270] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89f84*=0, plFlavor=0x2f89f88*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ", varVal2=0x0), pType=0x2f89f84*=8, plFlavor=0x2f89f88*=0) returned 0x0 [0279.270] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ") returned 0x68 [0279.271] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ") returned 0x68 [0279.271] IWbemClassObject:Get (in: This=0x9d8cb0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f89f84*=8, plFlavor=0x2f89f88*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ", varVal2=0x0), pType=0x2f89f84*=8, plFlavor=0x2f89f88*=0) returned 0x0 [0279.271] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ") returned 0x68 [0279.271] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\fpos.exe\" ") returned 0x68 [0279.271] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.271] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d7ff0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.272] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d7ff0) returned 0x0 [0279.272] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.272] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.272] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.273] IUnknown:AddRef (This=0x9d7ff0) returned 0x3 [0279.273] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.273] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.273] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d7ff4) returned 0x0 [0279.273] IMarshal:GetUnmarshalClass (in: This=0x9d7ff4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.273] IUnknown:Release (This=0x9d7ff4) returned 0x3 [0279.273] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.273] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.273] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.273] IUnknown:Release (This=0x9d7ff0) returned 0x2 [0279.273] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.273] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.274] IUnknown:QueryInterface (in: This=0x9d7ff0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d7ff0) returned 0x0 [0279.274] IUnknown:AddRef (This=0x9d7ff0) returned 0x4 [0279.274] IUnknown:Release (This=0x9d7ff0) returned 0x3 [0279.274] IUnknown:Release (This=0x9d7ff0) returned 0x2 [0279.274] CoTaskMemFree (pv=0x989d90) [0279.274] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.274] IUnknown:AddRef (This=0x9d7ff0) returned 0x3 [0279.274] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.274] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6140\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.275] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6140\"") returned 0x66 [0279.275] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6140\"") returned 0x66 [0279.275] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.275] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.275] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.275] IUnknown:Release (This=0x968724) returned 0x1 [0279.277] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e50) returned 0x0 [0279.287] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e50, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.287] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e50, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd7d0) returned 0x0 [0279.287] WbemDefPath:IUnknown:Release (This=0x989e50) returned 0x0 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd7d0) returned 0x0 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.288] WbemDefPath:IUnknown:AddRef (This=0x9dd7d0) returned 0x3 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.288] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db550) returned 0x0 [0279.288] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db550, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.288] WbemDefPath:IUnknown:Release (This=0x9db550) returned 0x3 [0279.288] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.288] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.289] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.289] WbemDefPath:IUnknown:Release (This=0x9dd7d0) returned 0x2 [0279.289] WbemDefPath:IUnknown:Release (This=0x9dd7d0) returned 0x1 [0279.289] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.289] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.289] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd7d0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd7d0) returned 0x0 [0279.289] WbemDefPath:IUnknown:AddRef (This=0x9dd7d0) returned 0x3 [0279.289] WbemDefPath:IUnknown:Release (This=0x9dd7d0) returned 0x2 [0279.289] WbemDefPath:IWbemPath:SetText (This=0x9dd7d0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"6140\"") returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.289] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.289] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8a9f0*=0, plFlavor=0x2f8a9f4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17fc, varVal2=0x0), pType=0x2f8a9f0*=19, plFlavor=0x2f8a9f4*=0) returned 0x0 [0279.290] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8a9f0*=19, plFlavor=0x2f8a9f4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x17fc, varVal2=0x0), pType=0x2f8a9f0*=19, plFlavor=0x2f8a9f4*=0) returned 0x0 [0279.290] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.290] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.290] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.290] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8aaf4*=0, plFlavor=0x2f8aaf8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x2f8aaf4*=8, plFlavor=0x2f8aaf8*=0) returned 0x0 [0279.290] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0279.290] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0279.290] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8aaf4*=8, plFlavor=0x2f8aaf8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="isspos.exe", varVal2=0x0), pType=0x2f8aaf4*=8, plFlavor=0x2f8aaf8*=0) returned 0x0 [0279.290] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0279.290] SysStringByteLen (bstr="isspos.exe") returned 0x14 [0279.290] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.290] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.290] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.291] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8ac30*=0, plFlavor=0x2f8ac34*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ", varVal2=0x0), pType=0x2f8ac30*=8, plFlavor=0x2f8ac34*=0) returned 0x0 [0279.291] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ") returned 0x6c [0279.291] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ") returned 0x6c [0279.291] IWbemClassObject:Get (in: This=0x9d7ff0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8ac30*=8, plFlavor=0x2f8ac34*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ", varVal2=0x0), pType=0x2f8ac30*=8, plFlavor=0x2f8ac34*=0) returned 0x0 [0279.291] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ") returned 0x6c [0279.291] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\isspos.exe\" ") returned 0x6c [0279.291] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.291] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d94a8, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.292] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d94a8) returned 0x0 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.294] IUnknown:AddRef (This=0x9d94a8) returned 0x3 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.294] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d94ac) returned 0x0 [0279.294] IMarshal:GetUnmarshalClass (in: This=0x9d94ac, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.294] IUnknown:Release (This=0x9d94ac) returned 0x3 [0279.295] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.295] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.295] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.295] IUnknown:Release (This=0x9d94a8) returned 0x2 [0279.295] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.295] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.295] IUnknown:QueryInterface (in: This=0x9d94a8, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d94a8) returned 0x0 [0279.295] IUnknown:AddRef (This=0x9d94a8) returned 0x4 [0279.295] IUnknown:Release (This=0x9d94a8) returned 0x3 [0279.295] IUnknown:Release (This=0x9d94a8) returned 0x2 [0279.295] CoTaskMemFree (pv=0x989d90) [0279.295] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.295] IUnknown:AddRef (This=0x9d94a8) returned 0x3 [0279.295] IWbemClassObject:Get (in: This=0x9d94a8, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.296] IWbemClassObject:Get (in: This=0x9d94a8, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2296\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.296] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0279.296] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x66 [0279.296] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.296] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.296] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.296] IUnknown:Release (This=0x968724) returned 0x1 [0279.298] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d20) returned 0x0 [0279.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.298] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd1b0) returned 0x0 [0279.298] WbemDefPath:IUnknown:Release (This=0x989d20) returned 0x0 [0279.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd1b0) returned 0x0 [0279.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.298] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.299] WbemDefPath:IUnknown:AddRef (This=0x9dd1b0) returned 0x3 [0279.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db8c8) returned 0x0 [0279.299] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db8c8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.299] WbemDefPath:IUnknown:Release (This=0x9db8c8) returned 0x3 [0279.299] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.299] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.299] WbemDefPath:IUnknown:Release (This=0x9dd1b0) returned 0x2 [0279.299] WbemDefPath:IUnknown:Release (This=0x9dd1b0) returned 0x1 [0279.299] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.299] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.299] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd1b0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd1b0) returned 0x0 [0279.299] WbemDefPath:IUnknown:AddRef (This=0x9dd1b0) returned 0x3 [0279.299] WbemDefPath:IUnknown:Release (This=0x9dd1b0) returned 0x2 [0279.299] WbemDefPath:IWbemPath:SetText (This=0x9dd1b0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2296\"") returned 0x0 [0279.299] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.299] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.300] IWbemClassObject:Get (in: This=0x9d94a8, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b6a0*=0, plFlavor=0x2f8b6a4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8f8, varVal2=0x0), pType=0x2f8b6a0*=19, plFlavor=0x2f8b6a4*=0) returned 0x0 [0279.300] IWbemClassObject:Get (in: This=0x9d94a8, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b6a0*=19, plFlavor=0x2f8b6a4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x8f8, varVal2=0x0), pType=0x2f8b6a0*=19, plFlavor=0x2f8b6a4*=0) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.300] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.300] IWbemClassObject:Get (in: This=0x9d94a8, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b7a4*=0, plFlavor=0x2f8b7a8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x2f8b7a4*=8, plFlavor=0x2f8b7a8*=0) returned 0x0 [0279.300] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0279.300] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0279.301] IWbemClassObject:Get (in: This=0x9d94a8, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b7a4*=8, plFlavor=0x2f8b7a8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spcwin.exe", varVal2=0x0), pType=0x2f8b7a4*=8, plFlavor=0x2f8b7a8*=0) returned 0x0 [0279.301] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0279.301] SysStringByteLen (bstr="spcwin.exe") returned 0x14 [0279.301] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.301] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.301] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.301] IWbemClassObject:Get (in: This=0x9d94a8, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b8e0*=0, plFlavor=0x2f8b8e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ", varVal2=0x0), pType=0x2f8b8e0*=8, plFlavor=0x2f8b8e4*=0) returned 0x0 [0279.301] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ") returned 0x6c [0279.301] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ") returned 0x6c [0279.301] IWbemClassObject:Get (in: This=0x9d94a8, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8b8e0*=8, plFlavor=0x2f8b8e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ", varVal2=0x0), pType=0x2f8b8e0*=8, plFlavor=0x2f8b8e4*=0) returned 0x0 [0279.301] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ") returned 0x6c [0279.301] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\WindowsPowerShell\\spcwin.exe\" ") returned 0x6c [0279.301] CoTaskMemAlloc (cb=0x4) returned 0x989c90 [0279.301] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989c90, puReturned=0x2f500f0 | out: apObjects=0x989c90*=0x9d9640, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.302] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d9640) returned 0x0 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.303] IUnknown:AddRef (This=0x9d9640) returned 0x3 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d9644) returned 0x0 [0279.303] IMarshal:GetUnmarshalClass (in: This=0x9d9644, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.303] IUnknown:Release (This=0x9d9644) returned 0x3 [0279.303] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.303] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.303] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.304] IUnknown:Release (This=0x9d9640) returned 0x2 [0279.304] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.304] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.304] IUnknown:QueryInterface (in: This=0x9d9640, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d9640) returned 0x0 [0279.304] IUnknown:AddRef (This=0x9d9640) returned 0x4 [0279.304] IUnknown:Release (This=0x9d9640) returned 0x3 [0279.304] IUnknown:Release (This=0x9d9640) returned 0x2 [0279.304] CoTaskMemFree (pv=0x989c90) [0279.304] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.304] IUnknown:AddRef (This=0x9d9640) returned 0x3 [0279.304] IWbemClassObject:Get (in: This=0x9d9640, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.304] IWbemClassObject:Get (in: This=0x9d9640, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4700\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.304] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4700\"") returned 0x66 [0279.305] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4700\"") returned 0x66 [0279.305] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.305] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.305] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.305] IUnknown:Release (This=0x968724) returned 0x1 [0279.307] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989c90) returned 0x0 [0279.307] WbemDefPath:IUnknown:QueryInterface (in: This=0x989c90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.307] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989c90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd610) returned 0x0 [0279.307] WbemDefPath:IUnknown:Release (This=0x989c90) returned 0x0 [0279.307] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd610) returned 0x0 [0279.307] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.307] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.308] WbemDefPath:IUnknown:AddRef (This=0x9dd610) returned 0x3 [0279.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.308] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db8b0) returned 0x0 [0279.308] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db8b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.308] WbemDefPath:IUnknown:Release (This=0x9db8b0) returned 0x3 [0279.308] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.309] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.309] WbemDefPath:IUnknown:Release (This=0x9dd610) returned 0x2 [0279.309] WbemDefPath:IUnknown:Release (This=0x9dd610) returned 0x1 [0279.309] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.309] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.309] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd610, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd610) returned 0x0 [0279.309] WbemDefPath:IUnknown:AddRef (This=0x9dd610) returned 0x3 [0279.309] WbemDefPath:IUnknown:Release (This=0x9dd610) returned 0x2 [0279.309] WbemDefPath:IWbemPath:SetText (This=0x9dd610, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4700\"") returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.309] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.309] IWbemClassObject:Get (in: This=0x9d9640, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c35c*=0, plFlavor=0x2f8c360*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x125c, varVal2=0x0), pType=0x2f8c35c*=19, plFlavor=0x2f8c360*=0) returned 0x0 [0279.310] IWbemClassObject:Get (in: This=0x9d9640, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c35c*=19, plFlavor=0x2f8c360*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x125c, varVal2=0x0), pType=0x2f8c35c*=19, plFlavor=0x2f8c360*=0) returned 0x0 [0279.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.310] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.310] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.310] IWbemClassObject:Get (in: This=0x9d9640, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c460*=0, plFlavor=0x2f8c464*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x2f8c460*=8, plFlavor=0x2f8c464*=0) returned 0x0 [0279.310] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0279.310] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0279.310] IWbemClassObject:Get (in: This=0x9d9640, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c460*=8, plFlavor=0x2f8c464*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="omnipos.exe", varVal2=0x0), pType=0x2f8c460*=8, plFlavor=0x2f8c464*=0) returned 0x0 [0279.310] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0279.310] SysStringByteLen (bstr="omnipos.exe") returned 0x16 [0279.310] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.310] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.310] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.311] IWbemClassObject:Get (in: This=0x9d9640, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c59c*=0, plFlavor=0x2f8c5a0*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ", varVal2=0x0), pType=0x2f8c59c*=8, plFlavor=0x2f8c5a0*=0) returned 0x0 [0279.311] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ") returned 0x96 [0279.311] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ") returned 0x96 [0279.311] IWbemClassObject:Get (in: This=0x9d9640, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8c59c*=8, plFlavor=0x2f8c5a0*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ", varVal2=0x0), pType=0x2f8c59c*=8, plFlavor=0x2f8c5a0*=0) returned 0x0 [0279.311] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ") returned 0x96 [0279.311] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Defender Advanced Threat Protection\\omnipos.exe\" ") returned 0x96 [0279.311] CoTaskMemAlloc (cb=0x4) returned 0x989d20 [0279.311] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d20, puReturned=0x2f500f0 | out: apObjects=0x989d20*=0x9d7990, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.337] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d7990) returned 0x0 [0279.337] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.337] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.337] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.338] IUnknown:AddRef (This=0x9d7990) returned 0x3 [0279.338] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.338] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.338] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d7994) returned 0x0 [0279.338] IMarshal:GetUnmarshalClass (in: This=0x9d7994, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.338] IUnknown:Release (This=0x9d7994) returned 0x3 [0279.338] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.338] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.338] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.338] IUnknown:Release (This=0x9d7990) returned 0x2 [0279.338] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.338] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.338] IUnknown:QueryInterface (in: This=0x9d7990, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d7990) returned 0x0 [0279.338] IUnknown:AddRef (This=0x9d7990) returned 0x4 [0279.338] IUnknown:Release (This=0x9d7990) returned 0x3 [0279.338] IUnknown:Release (This=0x9d7990) returned 0x2 [0279.338] CoTaskMemFree (pv=0x989d20) [0279.339] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.339] IUnknown:AddRef (This=0x9d7990) returned 0x3 [0279.339] IWbemClassObject:Get (in: This=0x9d7990, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.339] IWbemClassObject:Get (in: This=0x9d7990, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"936\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.339] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"936\"") returned 0x64 [0279.497] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"936\"") returned 0x64 [0279.497] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.498] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.498] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.498] IUnknown:Release (This=0x968724) returned 0x1 [0279.499] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989cd0) returned 0x0 [0279.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x989cd0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.500] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989cd0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dce30) returned 0x0 [0279.500] WbemDefPath:IUnknown:Release (This=0x989cd0) returned 0x0 [0279.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dce30) returned 0x0 [0279.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.500] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.501] WbemDefPath:IUnknown:AddRef (This=0x9dce30) returned 0x3 [0279.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dbb08) returned 0x0 [0279.501] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dbb08, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.501] WbemDefPath:IUnknown:Release (This=0x9dbb08) returned 0x3 [0279.501] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.501] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.501] WbemDefPath:IUnknown:Release (This=0x9dce30) returned 0x2 [0279.501] WbemDefPath:IUnknown:Release (This=0x9dce30) returned 0x1 [0279.501] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.501] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.501] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dce30, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dce30) returned 0x0 [0279.501] WbemDefPath:IUnknown:AddRef (This=0x9dce30) returned 0x3 [0279.502] WbemDefPath:IUnknown:Release (This=0x9dce30) returned 0x2 [0279.502] WbemDefPath:IWbemPath:SetText (This=0x9dce30, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"936\"") returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.502] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.502] IWbemClassObject:Get (in: This=0x9d7990, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d088*=0, plFlavor=0x2f8d08c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a8, varVal2=0x0), pType=0x2f8d088*=19, plFlavor=0x2f8d08c*=0) returned 0x0 [0279.503] IWbemClassObject:Get (in: This=0x9d7990, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d088*=19, plFlavor=0x2f8d08c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3a8, varVal2=0x0), pType=0x2f8d088*=19, plFlavor=0x2f8d08c*=0) returned 0x0 [0279.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.503] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.503] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.503] IWbemClassObject:Get (in: This=0x9d7990, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d188*=0, plFlavor=0x2f8d18c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x2f8d188*=8, plFlavor=0x2f8d18c*=0) returned 0x0 [0279.503] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0279.503] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0279.503] IWbemClassObject:Get (in: This=0x9d7990, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d188*=8, plFlavor=0x2f8d18c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="spgagentservice.exe", varVal2=0x0), pType=0x2f8d188*=8, plFlavor=0x2f8d18c*=0) returned 0x0 [0279.503] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0279.503] SysStringByteLen (bstr="spgagentservice.exe") returned 0x26 [0279.503] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.503] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.503] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.503] IWbemClassObject:Get (in: This=0x9d7990, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d2e4*=0, plFlavor=0x2f8d2e8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ", varVal2=0x0), pType=0x2f8d2e4*=8, plFlavor=0x2f8d2e8*=0) returned 0x0 [0279.504] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ") returned 0x66 [0279.504] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ") returned 0x66 [0279.504] IWbemClassObject:Get (in: This=0x9d7990, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8d2e4*=8, plFlavor=0x2f8d2e8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ", varVal2=0x0), pType=0x2f8d2e4*=8, plFlavor=0x2f8d2e8*=0) returned 0x0 [0279.504] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ") returned 0x66 [0279.504] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Adobe\\spgagentservice.exe\" ") returned 0x66 [0279.504] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.504] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d7b28, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.507] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d7b28) returned 0x0 [0279.507] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.507] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.507] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.508] IUnknown:AddRef (This=0x9d7b28) returned 0x3 [0279.508] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.508] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.508] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d7b2c) returned 0x0 [0279.508] IMarshal:GetUnmarshalClass (in: This=0x9d7b2c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.508] IUnknown:Release (This=0x9d7b2c) returned 0x3 [0279.508] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.508] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.508] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.508] IUnknown:Release (This=0x9d7b28) returned 0x2 [0279.508] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.508] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.508] IUnknown:QueryInterface (in: This=0x9d7b28, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d7b28) returned 0x0 [0279.508] IUnknown:AddRef (This=0x9d7b28) returned 0x4 [0279.508] IUnknown:Release (This=0x9d7b28) returned 0x3 [0279.508] IUnknown:Release (This=0x9d7b28) returned 0x2 [0279.508] CoTaskMemFree (pv=0x989d90) [0279.509] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.509] IUnknown:AddRef (This=0x9d7b28) returned 0x3 [0279.509] IWbemClassObject:Get (in: This=0x9d7b28, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.509] IWbemClassObject:Get (in: This=0x9d7b28, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4300\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.509] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4300\"") returned 0x66 [0279.509] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4300\"") returned 0x66 [0279.509] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.509] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.510] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.510] IUnknown:Release (This=0x968724) returned 0x1 [0279.512] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d30) returned 0x0 [0279.512] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d30, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.512] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d30, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dca40) returned 0x0 [0279.512] WbemDefPath:IUnknown:Release (This=0x989d30) returned 0x0 [0279.512] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dca40) returned 0x0 [0279.512] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.512] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.513] WbemDefPath:IUnknown:AddRef (This=0x9dca40) returned 0x3 [0279.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9db970) returned 0x0 [0279.513] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9db970, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.513] WbemDefPath:IUnknown:Release (This=0x9db970) returned 0x3 [0279.513] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.513] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.513] WbemDefPath:IUnknown:Release (This=0x9dca40) returned 0x2 [0279.513] WbemDefPath:IUnknown:Release (This=0x9dca40) returned 0x1 [0279.513] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.513] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.513] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dca40, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dca40) returned 0x0 [0279.513] WbemDefPath:IUnknown:AddRef (This=0x9dca40) returned 0x3 [0279.513] WbemDefPath:IUnknown:Release (This=0x9dca40) returned 0x2 [0279.513] WbemDefPath:IWbemPath:SetText (This=0x9dca40, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4300\"") returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.514] IWbemClassObject:Get (in: This=0x9d7b28, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8dd50*=0, plFlavor=0x2f8dd54*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10cc, varVal2=0x0), pType=0x2f8dd50*=19, plFlavor=0x2f8dd54*=0) returned 0x0 [0279.514] IWbemClassObject:Get (in: This=0x9d7b28, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8dd50*=19, plFlavor=0x2f8dd54*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x10cc, varVal2=0x0), pType=0x2f8dd50*=19, plFlavor=0x2f8dd54*=0) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.514] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.515] IWbemClassObject:Get (in: This=0x9d7b28, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8de54*=0, plFlavor=0x2f8de58*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x2f8de54*=8, plFlavor=0x2f8de58*=0) returned 0x0 [0279.515] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0279.515] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0279.515] IWbemClassObject:Get (in: This=0x9d7b28, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8de54*=8, plFlavor=0x2f8de58*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="utg2.exe", varVal2=0x0), pType=0x2f8de54*=8, plFlavor=0x2f8de58*=0) returned 0x0 [0279.515] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0279.515] SysStringByteLen (bstr="utg2.exe") returned 0x10 [0279.515] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.515] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.515] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.515] IWbemClassObject:Get (in: This=0x9d7b28, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8df88*=0, plFlavor=0x2f8df8c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ", varVal2=0x0), pType=0x2f8df88*=8, plFlavor=0x2f8df8c*=0) returned 0x0 [0279.515] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ") returned 0x62 [0279.516] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ") returned 0x62 [0279.516] IWbemClassObject:Get (in: This=0x9d7b28, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8df88*=8, plFlavor=0x2f8df8c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ", varVal2=0x0), pType=0x2f8df88*=8, plFlavor=0x2f8df8c*=0) returned 0x0 [0279.516] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ") returned 0x62 [0279.516] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\utg2.exe\" ") returned 0x62 [0279.516] CoTaskMemAlloc (cb=0x4) returned 0x989e30 [0279.516] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e30, puReturned=0x2f500f0 | out: apObjects=0x989e30*=0x9d7cc0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d7cc0) returned 0x0 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.520] IUnknown:AddRef (This=0x9d7cc0) returned 0x3 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.520] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d7cc4) returned 0x0 [0279.521] IMarshal:GetUnmarshalClass (in: This=0x9d7cc4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.521] IUnknown:Release (This=0x9d7cc4) returned 0x3 [0279.521] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.521] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.521] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.521] IUnknown:Release (This=0x9d7cc0) returned 0x2 [0279.521] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.521] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.521] IUnknown:QueryInterface (in: This=0x9d7cc0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d7cc0) returned 0x0 [0279.521] IUnknown:AddRef (This=0x9d7cc0) returned 0x4 [0279.521] IUnknown:Release (This=0x9d7cc0) returned 0x3 [0279.521] IUnknown:Release (This=0x9d7cc0) returned 0x2 [0279.521] CoTaskMemFree (pv=0x989e30) [0279.521] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.521] IUnknown:AddRef (This=0x9d7cc0) returned 0x3 [0279.522] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.522] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3700\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.522] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3700\"") returned 0x66 [0279.522] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3700\"") returned 0x66 [0279.522] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.522] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.522] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.522] IUnknown:Release (This=0x968724) returned 0x1 [0279.524] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e70) returned 0x0 [0279.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e70, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.524] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e70, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd140) returned 0x0 [0279.524] WbemDefPath:IUnknown:Release (This=0x989e70) returned 0x0 [0279.524] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd140) returned 0x0 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:AddRef (This=0x9dd140) returned 0x3 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dbf28) returned 0x0 [0279.525] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dbf28, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.525] WbemDefPath:IUnknown:Release (This=0x9dbf28) returned 0x3 [0279.525] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.525] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.525] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.525] WbemDefPath:IUnknown:Release (This=0x9dd140) returned 0x2 [0279.525] WbemDefPath:IUnknown:Release (This=0x9dd140) returned 0x1 [0279.526] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.526] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.526] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd140, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd140) returned 0x0 [0279.526] WbemDefPath:IUnknown:AddRef (This=0x9dd140) returned 0x3 [0279.526] WbemDefPath:IUnknown:Release (This=0x9dd140) returned 0x2 [0279.526] WbemDefPath:IWbemPath:SetText (This=0x9dd140, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3700\"") returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.526] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.526] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8e9e0*=0, plFlavor=0x2f8e9e4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe74, varVal2=0x0), pType=0x2f8e9e0*=19, plFlavor=0x2f8e9e4*=0) returned 0x0 [0279.526] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8e9e0*=19, plFlavor=0x2f8e9e4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xe74, varVal2=0x0), pType=0x2f8e9e0*=19, plFlavor=0x2f8e9e4*=0) returned 0x0 [0279.527] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.527] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.528] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.528] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8eae4*=0, plFlavor=0x2f8eae8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="away whatever opportunity.exe", varVal2=0x0), pType=0x2f8eae4*=8, plFlavor=0x2f8eae8*=0) returned 0x0 [0279.528] SysStringByteLen (bstr="away whatever opportunity.exe") returned 0x3a [0279.528] SysStringByteLen (bstr="away whatever opportunity.exe") returned 0x3a [0279.528] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8eae4*=8, plFlavor=0x2f8eae8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="away whatever opportunity.exe", varVal2=0x0), pType=0x2f8eae4*=8, plFlavor=0x2f8eae8*=0) returned 0x0 [0279.528] SysStringByteLen (bstr="away whatever opportunity.exe") returned 0x3a [0279.528] SysStringByteLen (bstr="away whatever opportunity.exe") returned 0x3a [0279.528] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.528] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.528] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.528] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8ec68*=0, plFlavor=0x2f8ec6c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ", varVal2=0x0), pType=0x2f8ec68*=8, plFlavor=0x2f8ec6c*=0) returned 0x0 [0279.528] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ") returned 0x8a [0279.528] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ") returned 0x8a [0279.528] IWbemClassObject:Get (in: This=0x9d7cc0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8ec68*=8, plFlavor=0x2f8ec6c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ", varVal2=0x0), pType=0x2f8ec68*=8, plFlavor=0x2f8ec6c*=0) returned 0x0 [0279.528] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ") returned 0x8a [0279.528] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\away whatever opportunity.exe\" ") returned 0x8a [0279.529] CoTaskMemAlloc (cb=0x4) returned 0x989d90 [0279.529] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989d90, puReturned=0x2f500f0 | out: apObjects=0x989d90*=0x9d7e58, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.530] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d7e58) returned 0x0 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.531] IUnknown:AddRef (This=0x9d7e58) returned 0x3 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d7e5c) returned 0x0 [0279.531] IMarshal:GetUnmarshalClass (in: This=0x9d7e5c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.531] IUnknown:Release (This=0x9d7e5c) returned 0x3 [0279.531] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.531] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.531] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.531] IUnknown:Release (This=0x9d7e58) returned 0x2 [0279.531] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.531] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.532] IUnknown:QueryInterface (in: This=0x9d7e58, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d7e58) returned 0x0 [0279.532] IUnknown:AddRef (This=0x9d7e58) returned 0x4 [0279.532] IUnknown:Release (This=0x9d7e58) returned 0x3 [0279.532] IUnknown:Release (This=0x9d7e58) returned 0x2 [0279.532] CoTaskMemFree (pv=0x989d90) [0279.532] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.532] IUnknown:AddRef (This=0x9d7e58) returned 0x3 [0279.532] IWbemClassObject:Get (in: This=0x9d7e58, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.532] IWbemClassObject:Get (in: This=0x9d7e58, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2552\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.532] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2552\"") returned 0x66 [0279.532] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2552\"") returned 0x66 [0279.532] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.533] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.533] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.533] IUnknown:Release (This=0x968724) returned 0x1 [0279.534] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.535] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dcb90) returned 0x0 [0279.535] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dcb90) returned 0x0 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.535] WbemDefPath:IUnknown:AddRef (This=0x9dcb90) returned 0x3 [0279.535] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dbd30) returned 0x0 [0279.536] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dbd30, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.536] WbemDefPath:IUnknown:Release (This=0x9dbd30) returned 0x3 [0279.536] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.536] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.536] WbemDefPath:IUnknown:Release (This=0x9dcb90) returned 0x2 [0279.536] WbemDefPath:IUnknown:Release (This=0x9dcb90) returned 0x1 [0279.536] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.536] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.536] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcb90, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dcb90) returned 0x0 [0279.536] WbemDefPath:IUnknown:AddRef (This=0x9dcb90) returned 0x3 [0279.536] WbemDefPath:IUnknown:Release (This=0x9dcb90) returned 0x2 [0279.536] WbemDefPath:IWbemPath:SetText (This=0x9dcb90, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"2552\"") returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.536] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.537] IWbemClassObject:Get (in: This=0x9d7e58, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f754*=0, plFlavor=0x2f8f758*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9f8, varVal2=0x0), pType=0x2f8f754*=19, plFlavor=0x2f8f758*=0) returned 0x0 [0279.537] IWbemClassObject:Get (in: This=0x9d7e58, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f754*=19, plFlavor=0x2f8f758*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x9f8, varVal2=0x0), pType=0x2f8f754*=19, plFlavor=0x2f8f758*=0) returned 0x0 [0279.537] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.537] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.537] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.537] IWbemClassObject:Get (in: This=0x9d7e58, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f858*=0, plFlavor=0x2f8f85c*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="professionalgo.exe", varVal2=0x0), pType=0x2f8f858*=8, plFlavor=0x2f8f85c*=0) returned 0x0 [0279.537] SysStringByteLen (bstr="professionalgo.exe") returned 0x24 [0279.537] SysStringByteLen (bstr="professionalgo.exe") returned 0x24 [0279.537] IWbemClassObject:Get (in: This=0x9d7e58, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f858*=8, plFlavor=0x2f8f85c*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="professionalgo.exe", varVal2=0x0), pType=0x2f8f858*=8, plFlavor=0x2f8f85c*=0) returned 0x0 [0279.537] SysStringByteLen (bstr="professionalgo.exe") returned 0x24 [0279.538] SysStringByteLen (bstr="professionalgo.exe") returned 0x24 [0279.538] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.538] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.538] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.538] IWbemClassObject:Get (in: This=0x9d7e58, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f9b4*=0, plFlavor=0x2f8f9b8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ", varVal2=0x0), pType=0x2f8f9b4*=8, plFlavor=0x2f8f9b8*=0) returned 0x0 [0279.538] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ") returned 0x76 [0279.538] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ") returned 0x76 [0279.538] IWbemClassObject:Get (in: This=0x9d7e58, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f8f9b4*=8, plFlavor=0x2f8f9b8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ", varVal2=0x0), pType=0x2f8f9b4*=8, plFlavor=0x2f8f9b8*=0) returned 0x0 [0279.538] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ") returned 0x76 [0279.538] SysStringByteLen (bstr="\"C:\\Program Files\\Windows Photo Viewer\\professionalgo.exe\" ") returned 0x76 [0279.538] CoTaskMemAlloc (cb=0x4) returned 0x989e60 [0279.538] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e60, puReturned=0x2f500f0 | out: apObjects=0x989e60*=0x9d8188, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.559] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8188) returned 0x0 [0279.559] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.559] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.559] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.560] IUnknown:AddRef (This=0x9d8188) returned 0x3 [0279.560] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.560] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.560] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d818c) returned 0x0 [0279.560] IMarshal:GetUnmarshalClass (in: This=0x9d818c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.560] IUnknown:Release (This=0x9d818c) returned 0x3 [0279.560] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.560] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.560] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.560] IUnknown:Release (This=0x9d8188) returned 0x2 [0279.560] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.560] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.560] IUnknown:QueryInterface (in: This=0x9d8188, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8188) returned 0x0 [0279.560] IUnknown:AddRef (This=0x9d8188) returned 0x4 [0279.560] IUnknown:Release (This=0x9d8188) returned 0x3 [0279.560] IUnknown:Release (This=0x9d8188) returned 0x2 [0279.560] CoTaskMemFree (pv=0x989e60) [0279.560] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.561] IUnknown:AddRef (This=0x9d8188) returned 0x3 [0279.561] IWbemClassObject:Get (in: This=0x9d8188, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.561] IWbemClassObject:Get (in: This=0x9d8188, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4828\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.561] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4828\"") returned 0x66 [0279.561] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4828\"") returned 0x66 [0279.561] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.561] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.561] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.561] IUnknown:Release (This=0x968724) returned 0x1 [0279.563] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989d90) returned 0x0 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x989d90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989d90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd4c0) returned 0x0 [0279.564] WbemDefPath:IUnknown:Release (This=0x989d90) returned 0x0 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd4c0) returned 0x0 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IUnknown:AddRef (This=0x9dd4c0) returned 0x3 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.564] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dc108) returned 0x0 [0279.564] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dc108, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.564] WbemDefPath:IUnknown:Release (This=0x9dc108) returned 0x3 [0279.565] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.565] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.565] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.565] WbemDefPath:IUnknown:Release (This=0x9dd4c0) returned 0x2 [0279.565] WbemDefPath:IUnknown:Release (This=0x9dd4c0) returned 0x1 [0279.565] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.565] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.565] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd4c0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd4c0) returned 0x0 [0279.565] WbemDefPath:IUnknown:AddRef (This=0x9dd4c0) returned 0x3 [0279.565] WbemDefPath:IUnknown:Release (This=0x9dd4c0) returned 0x2 [0279.565] WbemDefPath:IWbemPath:SetText (This=0x9dd4c0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4828\"") returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.565] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.565] IWbemClassObject:Get (in: This=0x9d8188, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f9045c*=0, plFlavor=0x2f90460*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12dc, varVal2=0x0), pType=0x2f9045c*=19, plFlavor=0x2f90460*=0) returned 0x0 [0279.566] IWbemClassObject:Get (in: This=0x9d8188, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f9045c*=19, plFlavor=0x2f90460*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x12dc, varVal2=0x0), pType=0x2f9045c*=19, plFlavor=0x2f90460*=0) returned 0x0 [0279.566] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.566] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.566] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.566] IWbemClassObject:Get (in: This=0x9d8188, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f90560*=0, plFlavor=0x2f90564*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="after.exe", varVal2=0x0), pType=0x2f90560*=8, plFlavor=0x2f90564*=0) returned 0x0 [0279.566] SysStringByteLen (bstr="after.exe") returned 0x12 [0279.566] SysStringByteLen (bstr="after.exe") returned 0x12 [0279.566] IWbemClassObject:Get (in: This=0x9d8188, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f90560*=8, plFlavor=0x2f90564*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="after.exe", varVal2=0x0), pType=0x2f90560*=8, plFlavor=0x2f90564*=0) returned 0x0 [0279.566] SysStringByteLen (bstr="after.exe") returned 0x12 [0279.566] SysStringByteLen (bstr="after.exe") returned 0x12 [0279.566] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.566] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.566] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.566] IWbemClassObject:Get (in: This=0x9d8188, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f90694*=0, plFlavor=0x2f90698*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ", varVal2=0x0), pType=0x2f90694*=8, plFlavor=0x2f90698*=0) returned 0x0 [0279.567] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ") returned 0x62 [0279.567] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ") returned 0x62 [0279.567] IWbemClassObject:Get (in: This=0x9d8188, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f90694*=8, plFlavor=0x2f90698*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ", varVal2=0x0), pType=0x2f90694*=8, plFlavor=0x2f90698*=0) returned 0x0 [0279.567] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ") returned 0x62 [0279.567] SysStringByteLen (bstr="\"C:\\Program Files (x86)\\Microsoft.NET\\after.exe\" ") returned 0x62 [0279.567] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0279.567] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9d8b18, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.569] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9d8b18) returned 0x0 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.570] IUnknown:AddRef (This=0x9d8b18) returned 0x3 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9d8b1c) returned 0x0 [0279.570] IMarshal:GetUnmarshalClass (in: This=0x9d8b1c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.570] IUnknown:Release (This=0x9d8b1c) returned 0x3 [0279.570] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.570] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.570] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.570] IUnknown:Release (This=0x9d8b18) returned 0x2 [0279.571] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.571] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.571] IUnknown:QueryInterface (in: This=0x9d8b18, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9d8b18) returned 0x0 [0279.571] IUnknown:AddRef (This=0x9d8b18) returned 0x4 [0279.571] IUnknown:Release (This=0x9d8b18) returned 0x3 [0279.571] IUnknown:Release (This=0x9d8b18) returned 0x2 [0279.571] CoTaskMemFree (pv=0x989e20) [0279.571] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.571] IUnknown:AddRef (This=0x9d8b18) returned 0x3 [0279.571] IWbemClassObject:Get (in: This=0x9d8b18, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.571] IWbemClassObject:Get (in: This=0x9d8b18, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"904\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.571] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"904\"") returned 0x64 [0279.572] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"904\"") returned 0x64 [0279.572] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.572] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.572] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.572] IUnknown:Release (This=0x968724) returned 0x1 [0279.573] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989c90) returned 0x0 [0279.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x989c90, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.574] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989c90, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dcd50) returned 0x0 [0279.574] WbemDefPath:IUnknown:Release (This=0x989c90) returned 0x0 [0279.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dcd50) returned 0x0 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.575] WbemDefPath:IUnknown:AddRef (This=0x9dcd50) returned 0x3 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dbfb8) returned 0x0 [0279.575] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dbfb8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.575] WbemDefPath:IUnknown:Release (This=0x9dbfb8) returned 0x3 [0279.575] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.575] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.575] WbemDefPath:IUnknown:Release (This=0x9dcd50) returned 0x2 [0279.575] WbemDefPath:IUnknown:Release (This=0x9dcd50) returned 0x1 [0279.575] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.576] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcd50, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dcd50) returned 0x0 [0279.576] WbemDefPath:IUnknown:AddRef (This=0x9dcd50) returned 0x3 [0279.576] WbemDefPath:IUnknown:Release (This=0x9dcd50) returned 0x2 [0279.576] WbemDefPath:IWbemPath:SetText (This=0x9dcd50, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"904\"") returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.576] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.576] IWbemClassObject:Get (in: This=0x9d8b18, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f910e0*=0, plFlavor=0x2f910e4*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x388, varVal2=0x0), pType=0x2f910e0*=19, plFlavor=0x2f910e4*=0) returned 0x0 [0279.576] IWbemClassObject:Get (in: This=0x9d8b18, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f910e0*=19, plFlavor=0x2f910e4*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x388, varVal2=0x0), pType=0x2f910e0*=19, plFlavor=0x2f910e4*=0) returned 0x0 [0279.577] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.577] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.577] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.577] IWbemClassObject:Get (in: This=0x9d8b18, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f911e0*=0, plFlavor=0x2f911e4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f911e0*=8, plFlavor=0x2f911e4*=0) returned 0x0 [0279.577] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0279.577] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0279.577] IWbemClassObject:Get (in: This=0x9d8b18, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f911e0*=8, plFlavor=0x2f911e4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="RuntimeBroker.exe", varVal2=0x0), pType=0x2f911e0*=8, plFlavor=0x2f911e4*=0) returned 0x0 [0279.577] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0279.577] SysStringByteLen (bstr="RuntimeBroker.exe") returned 0x22 [0279.577] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.577] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.577] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.577] IWbemClassObject:Get (in: This=0x9d8b18, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91334*=0, plFlavor=0x2f91338*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f91334*=8, plFlavor=0x2f91338*=0) returned 0x0 [0279.577] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0279.577] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0279.577] IWbemClassObject:Get (in: This=0x9d8b18, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91334*=8, plFlavor=0x2f91338*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding", varVal2=0x0), pType=0x2f91334*=8, plFlavor=0x2f91338*=0) returned 0x0 [0279.577] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0279.577] SysStringByteLen (bstr="C:\\Windows\\System32\\RuntimeBroker.exe -Embedding") returned 0x60 [0279.578] CoTaskMemAlloc (cb=0x4) returned 0x989e20 [0279.578] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e20, puReturned=0x2f500f0 | out: apObjects=0x989e20*=0x9e5018, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.580] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9e5018) returned 0x0 [0279.580] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.580] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.580] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.581] IUnknown:AddRef (This=0x9e5018) returned 0x3 [0279.581] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.581] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.581] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9e501c) returned 0x0 [0279.581] IMarshal:GetUnmarshalClass (in: This=0x9e501c, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.581] IUnknown:Release (This=0x9e501c) returned 0x3 [0279.581] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.581] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.581] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.581] IUnknown:Release (This=0x9e5018) returned 0x2 [0279.581] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.581] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.581] IUnknown:QueryInterface (in: This=0x9e5018, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9e5018) returned 0x0 [0279.581] IUnknown:AddRef (This=0x9e5018) returned 0x4 [0279.581] IUnknown:Release (This=0x9e5018) returned 0x3 [0279.581] IUnknown:Release (This=0x9e5018) returned 0x2 [0279.581] CoTaskMemFree (pv=0x989e20) [0279.582] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.582] IUnknown:AddRef (This=0x9e5018) returned 0x3 [0279.582] IWbemClassObject:Get (in: This=0x9e5018, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.582] IWbemClassObject:Get (in: This=0x9e5018, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3424\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.582] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3424\"") returned 0x66 [0279.582] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3424\"") returned 0x66 [0279.582] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.582] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.582] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.582] IUnknown:Release (This=0x968724) returned 0x1 [0279.584] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989ce0) returned 0x0 [0279.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x989ce0, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.584] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989ce0, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dcea0) returned 0x0 [0279.584] WbemDefPath:IUnknown:Release (This=0x989ce0) returned 0x0 [0279.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dcea0) returned 0x0 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.585] WbemDefPath:IUnknown:AddRef (This=0x9dcea0) returned 0x3 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dc3a8) returned 0x0 [0279.585] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dc3a8, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.585] WbemDefPath:IUnknown:Release (This=0x9dc3a8) returned 0x3 [0279.585] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.585] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.585] WbemDefPath:IUnknown:Release (This=0x9dcea0) returned 0x2 [0279.585] WbemDefPath:IUnknown:Release (This=0x9dcea0) returned 0x1 [0279.585] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.585] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.585] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dcea0, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dcea0) returned 0x0 [0279.585] WbemDefPath:IUnknown:AddRef (This=0x9dcea0) returned 0x3 [0279.586] WbemDefPath:IUnknown:Release (This=0x9dcea0) returned 0x2 [0279.586] WbemDefPath:IWbemPath:SetText (This=0x9dcea0, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"3424\"") returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.586] IWbemClassObject:Get (in: This=0x9e5018, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91d8c*=0, plFlavor=0x2f91d90*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd60, varVal2=0x0), pType=0x2f91d8c*=19, plFlavor=0x2f91d90*=0) returned 0x0 [0279.586] IWbemClassObject:Get (in: This=0x9e5018, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91d8c*=19, plFlavor=0x2f91d90*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xd60, varVal2=0x0), pType=0x2f91d8c*=19, plFlavor=0x2f91d90*=0) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.586] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.587] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.587] IWbemClassObject:Get (in: This=0x9e5018, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91e90*=0, plFlavor=0x2f91e94*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="work.exe", varVal2=0x0), pType=0x2f91e90*=8, plFlavor=0x2f91e94*=0) returned 0x0 [0279.587] SysStringByteLen (bstr="work.exe") returned 0x10 [0279.587] SysStringByteLen (bstr="work.exe") returned 0x10 [0279.587] IWbemClassObject:Get (in: This=0x9e5018, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91e90*=8, plFlavor=0x2f91e94*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="work.exe", varVal2=0x0), pType=0x2f91e90*=8, plFlavor=0x2f91e94*=0) returned 0x0 [0279.587] SysStringByteLen (bstr="work.exe") returned 0x10 [0279.587] SysStringByteLen (bstr="work.exe") returned 0x10 [0279.587] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.587] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.587] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.587] IWbemClassObject:Get (in: This=0x9e5018, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91fc4*=0, plFlavor=0x2f91fc8*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="work.exe -priverdD", varVal2=0x0), pType=0x2f91fc4*=8, plFlavor=0x2f91fc8*=0) returned 0x0 [0279.587] SysStringByteLen (bstr="work.exe -priverdD") returned 0x26 [0279.588] SysStringByteLen (bstr="work.exe -priverdD") returned 0x26 [0279.588] IWbemClassObject:Get (in: This=0x9e5018, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f91fc4*=8, plFlavor=0x2f91fc8*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="work.exe -priverdD", varVal2=0x0), pType=0x2f91fc4*=8, plFlavor=0x2f91fc8*=0) returned 0x0 [0279.588] SysStringByteLen (bstr="work.exe -priverdD") returned 0x26 [0279.588] SysStringByteLen (bstr="work.exe -priverdD") returned 0x26 [0279.588] CoTaskMemAlloc (cb=0x4) returned 0x989da0 [0279.588] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989da0, puReturned=0x2f500f0 | out: apObjects=0x989da0*=0x9e64d0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.612] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9e64d0) returned 0x0 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.613] IUnknown:AddRef (This=0x9e64d0) returned 0x3 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.613] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9e64d4) returned 0x0 [0279.613] IMarshal:GetUnmarshalClass (in: This=0x9e64d4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.614] IUnknown:Release (This=0x9e64d4) returned 0x3 [0279.614] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.614] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.614] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.614] IUnknown:Release (This=0x9e64d0) returned 0x2 [0279.614] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.614] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.614] IUnknown:QueryInterface (in: This=0x9e64d0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9e64d0) returned 0x0 [0279.614] IUnknown:AddRef (This=0x9e64d0) returned 0x4 [0279.614] IUnknown:Release (This=0x9e64d0) returned 0x3 [0279.614] IUnknown:Release (This=0x9e64d0) returned 0x2 [0279.614] CoTaskMemFree (pv=0x989da0) [0279.614] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.614] IUnknown:AddRef (This=0x9e64d0) returned 0x3 [0279.614] IWbemClassObject:Get (in: This=0x9e64d0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.615] IWbemClassObject:Get (in: This=0x9e64d0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5160\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.615] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5160\"") returned 0x66 [0279.615] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5160\"") returned 0x66 [0279.615] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.615] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.615] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.615] IUnknown:Release (This=0x968724) returned 0x1 [0279.617] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0279.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.617] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd990) returned 0x0 [0279.617] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0279.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd990) returned 0x0 [0279.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.618] WbemDefPath:IUnknown:AddRef (This=0x9dd990) returned 0x3 [0279.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dc720) returned 0x0 [0279.618] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dc720, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.618] WbemDefPath:IUnknown:Release (This=0x9dc720) returned 0x3 [0279.618] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.618] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.618] WbemDefPath:IUnknown:Release (This=0x9dd990) returned 0x2 [0279.618] WbemDefPath:IUnknown:Release (This=0x9dd990) returned 0x1 [0279.618] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.618] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.618] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd990, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd990) returned 0x0 [0279.618] WbemDefPath:IUnknown:AddRef (This=0x9dd990) returned 0x3 [0279.618] WbemDefPath:IUnknown:Release (This=0x9dd990) returned 0x2 [0279.618] WbemDefPath:IWbemPath:SetText (This=0x9dd990, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"5160\"") returned 0x0 [0279.618] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.618] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.618] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.618] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.619] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.619] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.619] IWbemClassObject:Get (in: This=0x9e64d0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92968*=0, plFlavor=0x2f9296c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1428, varVal2=0x0), pType=0x2f92968*=19, plFlavor=0x2f9296c*=0) returned 0x0 [0279.619] IWbemClassObject:Get (in: This=0x9e64d0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92968*=19, plFlavor=0x2f9296c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1428, varVal2=0x0), pType=0x2f92968*=19, plFlavor=0x2f9296c*=0) returned 0x0 [0279.619] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.619] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.619] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.619] IWbemClassObject:Get (in: This=0x9e64d0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92a6c*=0, plFlavor=0x2f92a70*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gesf.exe", varVal2=0x0), pType=0x2f92a6c*=8, plFlavor=0x2f92a70*=0) returned 0x0 [0279.619] SysStringByteLen (bstr="gesf.exe") returned 0x10 [0279.619] SysStringByteLen (bstr="gesf.exe") returned 0x10 [0279.619] IWbemClassObject:Get (in: This=0x9e64d0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92a6c*=8, plFlavor=0x2f92a70*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="gesf.exe", varVal2=0x0), pType=0x2f92a6c*=8, plFlavor=0x2f92a70*=0) returned 0x0 [0279.620] SysStringByteLen (bstr="gesf.exe") returned 0x10 [0279.620] SysStringByteLen (bstr="gesf.exe") returned 0x10 [0279.620] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.620] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.620] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.620] IWbemClassObject:Get (in: This=0x9e64d0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92ba0*=0, plFlavor=0x2f92ba4*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ", varVal2=0x0), pType=0x2f92ba0*=8, plFlavor=0x2f92ba4*=0) returned 0x0 [0279.620] SysStringByteLen (bstr="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ") returned 0x70 [0279.620] SysStringByteLen (bstr="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ") returned 0x70 [0279.620] IWbemClassObject:Get (in: This=0x9e64d0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f92ba0*=8, plFlavor=0x2f92ba4*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ", varVal2=0x0), pType=0x2f92ba0*=8, plFlavor=0x2f92ba4*=0) returned 0x0 [0279.620] SysStringByteLen (bstr="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ") returned 0x70 [0279.620] SysStringByteLen (bstr="\"C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe\" ") returned 0x70 [0279.620] CoTaskMemAlloc (cb=0x4) returned 0x989e50 [0279.620] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989e50, puReturned=0x2f500f0 | out: apObjects=0x989e50*=0x9e51b0, puReturned=0x2f500f0*=0x1) returned 0x0 [0279.623] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e9a4 | out: ppvObject=0x73e9a4*=0x9e51b0) returned 0x0 [0279.623] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73e958 | out: ppvObject=0x73e958*=0x0) returned 0x80004002 [0279.623] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f961f34*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73e780 | out: ppvObject=0x73e780*=0x0) returned 0x80004002 [0279.623] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e560 | out: ppvObject=0x73e560*=0x0) returned 0x80004002 [0279.624] IUnknown:AddRef (This=0x9e51b0) returned 0x3 [0279.624] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e2b4 | out: ppvObject=0x73e2b4*=0x0) returned 0x80004002 [0279.624] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e264 | out: ppvObject=0x73e264*=0x0) returned 0x80004002 [0279.624] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e270 | out: ppvObject=0x73e270*=0x9e51b4) returned 0x0 [0279.624] IMarshal:GetUnmarshalClass (in: This=0x9e51b4, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e278 | out: pCid=0x73e278*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0279.624] IUnknown:Release (This=0x9e51b4) returned 0x3 [0279.624] CoGetContextToken (in: pToken=0x73e2d0 | out: pToken=0x73e2d0) returned 0x0 [0279.624] CoGetContextToken (in: pToken=0x73e6e4 | out: pToken=0x73e6e4) returned 0x0 [0279.624] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e764 | out: ppvObject=0x73e764*=0x0) returned 0x80004002 [0279.624] IUnknown:Release (This=0x9e51b0) returned 0x2 [0279.624] CoGetContextToken (in: pToken=0x73ecd4 | out: pToken=0x73ecd4) returned 0x0 [0279.624] CoGetContextToken (in: pToken=0x73ec34 | out: pToken=0x73ec34) returned 0x0 [0279.624] IUnknown:QueryInterface (in: This=0x9e51b0, riid=0x73ed04*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x73ed00 | out: ppvObject=0x73ed00*=0x9e51b0) returned 0x0 [0279.624] IUnknown:AddRef (This=0x9e51b0) returned 0x4 [0279.624] IUnknown:Release (This=0x9e51b0) returned 0x3 [0279.624] IUnknown:Release (This=0x9e51b0) returned 0x2 [0279.624] CoTaskMemFree (pv=0x989e50) [0279.625] CoGetContextToken (in: pToken=0x73f044 | out: pToken=0x73f044) returned 0x0 [0279.625] IUnknown:AddRef (This=0x9e51b0) returned 0x3 [0279.625] IWbemClassObject:Get (in: This=0x9e51b0, wszName="__GENUS", lFlags=0, pVal=0x73f340*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3c0*=0, plFlavor=0x73f3bc*=0 | out: pVal=0x73f340*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x73f3c0*=3, plFlavor=0x73f3bc*=64) returned 0x0 [0279.625] IWbemClassObject:Get (in: This=0x9e51b0, wszName="__PATH", lFlags=0, pVal=0x73f324*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x73f3a8*=0, plFlavor=0x73f3a4*=0 | out: pVal=0x73f324*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4368\"", varVal2=0x0), pType=0x73f3a8*=8, plFlavor=0x73f3a4*=64) returned 0x0 [0279.625] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x66 [0279.625] SysStringByteLen (bstr="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x66 [0279.625] CoGetObjectContext (in: riid=0x2f4aba0*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73f350 | out: ppv=0x73f350*=0x968724) returned 0x0 [0279.625] IComThreadingInfo:GetCurrentApartmentType (in: This=0x968724, pAptType=0x73f348 | out: pAptType=0x73f348*=1) returned 0x0 [0279.626] IUnknown:QueryInterface (in: This=0x968724, riid=0x2f4ab88*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x73f34c | out: ppvObject=0x73f34c*=0x0) returned 0x80004002 [0279.626] IUnknown:Release (This=0x968724) returned 0x1 [0279.627] CoGetClassObject (in: rclsid=0x990914*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6f9c6c84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x73ecb8 | out: ppv=0x73ecb8*=0x989e20) returned 0x0 [0279.627] WbemDefPath:IUnknown:QueryInterface (in: This=0x989e20, riid=0x6f98ddcc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x73eed0 | out: ppvObject=0x73eed0*=0x0) returned 0x80004002 [0279.627] WbemDefPath:IClassFactory:CreateInstance (in: This=0x989e20, pUnkOuter=0x0, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eedc | out: ppvObject=0x73eedc*=0x9dd840) returned 0x0 [0279.628] WbemDefPath:IUnknown:Release (This=0x989e20) returned 0x0 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73eafc | out: ppvObject=0x73eafc*=0x9dd840) returned 0x0 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f961c1c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x73eab0 | out: ppvObject=0x73eab0*=0x0) returned 0x80004002 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f961348*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x73e6b8 | out: ppvObject=0x73e6b8*=0x0) returned 0x80004002 [0279.628] WbemDefPath:IUnknown:AddRef (This=0x9dd840) returned 0x3 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f9618dc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x73e40c | out: ppvObject=0x73e40c*=0x0) returned 0x80004002 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f961814*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x73e3bc | out: ppvObject=0x73e3bc*=0x0) returned 0x80004002 [0279.628] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f891498*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e3c8 | out: ppvObject=0x73e3c8*=0x9dc630) returned 0x0 [0279.628] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x9dc630, riid=0x6f872b54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x73e3d0 | out: pCid=0x73e3d0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0279.629] WbemDefPath:IUnknown:Release (This=0x9dc630) returned 0x3 [0279.629] CoGetContextToken (in: pToken=0x73e428 | out: pToken=0x73e428) returned 0x0 [0279.629] CoGetContextToken (in: pToken=0x73e83c | out: pToken=0x73e83c) returned 0x0 [0279.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x6f961b58*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x73e8bc | out: ppvObject=0x73e8bc*=0x0) returned 0x80004002 [0279.629] WbemDefPath:IUnknown:Release (This=0x9dd840) returned 0x2 [0279.629] WbemDefPath:IUnknown:Release (This=0x9dd840) returned 0x1 [0279.629] CoGetContextToken (in: pToken=0x73f1d4 | out: pToken=0x73f1d4) returned 0x0 [0279.629] CoGetContextToken (in: pToken=0x73f134 | out: pToken=0x73f134) returned 0x0 [0279.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x9dd840, riid=0x73f204*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x73f200 | out: ppvObject=0x73f200*=0x9dd840) returned 0x0 [0279.629] WbemDefPath:IUnknown:AddRef (This=0x9dd840) returned 0x3 [0279.629] WbemDefPath:IUnknown:Release (This=0x9dd840) returned 0x2 [0279.629] WbemDefPath:IWbemPath:SetText (This=0x9dd840, uMode=0x4, pszPath="\\\\PXTHFFRYO7\\root\\cimv2:Win32_Process.Handle=\"4368\"") returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f37c | out: puCount=0x73f37c*=0x2) returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0x0, pszText=0x0 | out: puBuffLength=0x73f378*=0xf, pszText=0x0) returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f378*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f378*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.629] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.630] IWbemClassObject:Get (in: This=0x9e51b0, wszName="ProcessId", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f93618*=0, plFlavor=0x2f9361c*=0 | out: pVal=0x73f344*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1110, varVal2=0x0), pType=0x2f93618*=19, plFlavor=0x2f9361c*=0) returned 0x0 [0279.630] IWbemClassObject:Get (in: This=0x9e51b0, wszName="ProcessId", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f93618*=19, plFlavor=0x2f9361c*=0 | out: pVal=0x73f34c*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1110, varVal2=0x0), pType=0x2f93618*=19, plFlavor=0x2f9361c*=0) returned 0x0 [0279.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.630] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.630] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.630] IWbemClassObject:Get (in: This=0x9e51b0, wszName="Name", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f9371c*=0, plFlavor=0x2f93720*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MusNotifyIcon.exe", varVal2=0x0), pType=0x2f9371c*=8, plFlavor=0x2f93720*=0) returned 0x0 [0279.630] SysStringByteLen (bstr="MusNotifyIcon.exe") returned 0x22 [0279.631] SysStringByteLen (bstr="MusNotifyIcon.exe") returned 0x22 [0279.631] IWbemClassObject:Get (in: This=0x9e51b0, wszName="Name", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f9371c*=8, plFlavor=0x2f93720*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MusNotifyIcon.exe", varVal2=0x0), pType=0x2f9371c*=8, plFlavor=0x2f93720*=0) returned 0x0 [0279.631] SysStringByteLen (bstr="MusNotifyIcon.exe") returned 0x22 [0279.631] SysStringByteLen (bstr="MusNotifyIcon.exe") returned 0x22 [0279.631] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x987dd0, puCount=0x73f348 | out: puCount=0x73f348*=0x2) returned 0x0 [0279.631] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0x0, pszText=0x0 | out: puBuffLength=0x73f344*=0xf, pszText=0x0) returned 0x0 [0279.631] WbemDefPath:IWbemPath:GetText (in: This=0x987dd0, lFlags=4, puBuffLength=0x73f344*=0xf, pszText="00000000000000" | out: puBuffLength=0x73f344*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0279.631] IWbemClassObject:Get (in: This=0x9e51b0, wszName="CommandLine", lFlags=0, pVal=0x73f344*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f93870*=0, plFlavor=0x2f93874*=0 | out: pVal=0x73f344*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13", varVal2=0x0), pType=0x2f93870*=8, plFlavor=0x2f93874*=0) returned 0x0 [0279.631] SysStringByteLen (bstr="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13") returned 0x72 [0279.631] SysStringByteLen (bstr="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13") returned 0x72 [0279.631] IWbemClassObject:Get (in: This=0x9e51b0, wszName="CommandLine", lFlags=0, pVal=0x73f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2f93870*=8, plFlavor=0x2f93874*=0 | out: pVal=0x73f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13", varVal2=0x0), pType=0x2f93870*=8, plFlavor=0x2f93874*=0) returned 0x0 [0279.631] SysStringByteLen (bstr="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13") returned 0x72 [0279.631] SysStringByteLen (bstr="%systemroot%\\system32\\MusNotifyIcon.exe NotifyTrayIcon 13") returned 0x72 [0279.632] CoTaskMemAlloc (cb=0x4) returned 0x989ca0 [0279.632] IEnumWbemClassObject:Next (in: This=0x9a66c0, lTimeout=-1, uCount=0x1, apObjects=0x989ca0, puReturned=0x2f500f0 | out: apObjects=0x989ca0*=0x0, puReturned=0x2f500f0*=0x0) returned 0x1 [0279.669] CoTaskMemFree (pv=0x989ca0) [0279.670] CoGetContextToken (in: pToken=0x73f274 | out: pToken=0x73f274) returned 0x0 [0279.670] IUnknown:Release (This=0x9a66c0) returned 0x1 [0279.670] IUnknown:Release (This=0x9a66c0) returned 0x0 [0279.672] CoGetContextToken (in: pToken=0x73f274 | out: pToken=0x73f274) returned 0x0 [0279.672] IUnknown:Release (This=0x9a4fd8) returned 0x1 [0279.672] IUnknown:Release (This=0x9a4fd8) returned 0x0 [0279.783] SysReAllocStringLen (in: pbstr=0x73ba34*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73ba34*="kernel32.dll") returned 1 [0279.783] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0279.783] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0279.786] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0279.789] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x460 [0279.789] GetLastError () returned 0x0 [0279.789] SysReAllocStringLen (in: pbstr=0x73b40c*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b40c*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.825] GetThreadLocale () returned 0x409 [0279.841] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0279.841] GetThreadLocale () returned 0x409 [0279.842] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0279.842] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", nBufferLength=0x104, lpBuffer=0x73b190, lpFilePart=0x73b18c | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", lpFilePart=0x73b18c*="System.ServiceModel.dll") returned 0x75 [0279.842] SysReAllocStringLen (in: pbstr=0x73b40c*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b40c*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.842] SysReAllocStringLen (in: pbstr=0x73b3bc*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b3bc*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.842] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchLength=0x75 | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") returned 0x75 [0279.842] SysReAllocStringLen (in: pbstr=0x73b40c*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll", len=0x75 | out: pbstr=0x73b40c*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") returned 1 [0279.842] SetLastError (dwErrCode=0x0) [0279.842] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0279.843] GetLastError () returned 0x0 [0279.843] SysReAllocStringLen (in: pbstr=0x73b138*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b138*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.843] GetThreadLocale () returned 0x409 [0279.843] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0279.843] GetThreadLocale () returned 0x409 [0279.843] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0279.843] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", nBufferLength=0x104, lpBuffer=0x73aebc, lpFilePart=0x73aeb8 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", lpFilePart=0x73aeb8*="System.ServiceModel.dll") returned 0x75 [0279.843] SysReAllocStringLen (in: pbstr=0x73b138*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b138*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.843] SysReAllocStringLen (in: pbstr=0x73b0e8*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", len=0x75 | out: pbstr=0x73b0e8*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll") returned 1 [0279.843] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", cchLength=0x75 | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") returned 0x75 [0279.843] SysReAllocStringLen (in: pbstr=0x73b138*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.ServiceModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.ServiceModel.dll", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll", len=0x75 | out: pbstr=0x73b138*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.servicemodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.servicemodel.dll") returned 1 [0279.843] SetLastError (dwErrCode=0x0) [0279.879] CreateFileMappingW (hFile=0x460, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x470 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] ResetEvent (hEvent=0x1f4) returned 1 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] ResetEvent (hEvent=0x1f4) returned 1 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] GetCurrentThreadId () returned 0xfe0 [0279.971] SetEvent (hEvent=0x1f8) returned 1 [0279.971] SetEvent (hEvent=0x1f4) returned 1 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] SetEvent (hEvent=0x1f8) returned 1 [0279.990] MapViewOfFileEx (hFileMappingObject=0x470, dwDesiredAccess=0x0, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0, lpBaseAddress=0x0) returned 0x55f0000 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] GetCurrentThreadId () returned 0xfe0 [0279.990] SetEvent (hEvent=0x1f8) returned 1 [0279.990] MapViewOfFileEx (hFileMappingObject=0x470, dwDesiredAccess=0x0, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0, lpBaseAddress=0x0) returned 0x5c10000 [0279.991] UnmapViewOfFile (lpBaseAddress=0x55f0000) returned 1 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] ResetEvent (hEvent=0x1f4) returned 1 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] ResetEvent (hEvent=0x1f4) returned 1 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] GetCurrentThreadId () returned 0xfe0 [0279.991] SetEvent (hEvent=0x1f8) returned 1 [0279.991] SetEvent (hEvent=0x1f4) returned 1 [0279.992] CloseHandle (hObject=0x46c) returned 1 [0280.327] SysReAllocStringLen (in: pbstr=0x73cba8*=0x0, psz="VERSION.dll", len=0xb | out: pbstr=0x73cba8*="VERSION.dll") returned 1 [0280.327] CharLowerBuffW (in: lpsz="VERSION.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0280.327] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0280.327] GetLastError () returned 0x7e [0280.327] SetLastError (dwErrCode=0x7e) [0280.328] SysReAllocStringLen (in: pbstr=0x73cba8*=0x0, psz="VERSION.dll", len=0xb | out: pbstr=0x73cba8*="VERSION.dll") returned 1 [0280.328] CharLowerBuffW (in: lpsz="VERSION.dll", cchLength=0xb | out: lpsz="version.dll") returned 0xb [0280.328] LoadLibraryExW (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x800) returned 0x752b0000 [0280.328] GetLastError () returned 0x0 [0280.328] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0280.329] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0280.329] GetModuleFileNameA (in: hModule=0x752b0000, lpFilename=0x73ca8c, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0280.329] GetCurrentProcess () returned 0xffffffff [0280.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73cb90*=0x752b50bc, NumberOfBytesToProtect=0x73cb94, NewAccessProtection=0x4, OldAccessProtection=0x73cbc8 | out: BaseAddress=0x73cb90*=0x752b5000, NumberOfBytesToProtect=0x73cb94, OldAccessProtection=0x73cbc8*=0x2) returned 0x0 [0280.329] GetCurrentProcess () returned 0xffffffff [0280.329] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73cb90*=0x752b50bc, NumberOfBytesToProtect=0x73cb94, NewAccessProtection=0x2, OldAccessProtection=0x73cbc8 | out: BaseAddress=0x73cb90*=0x752b5000, NumberOfBytesToProtect=0x73cb94, OldAccessProtection=0x73cbc8*=0x4) returned 0x0 [0280.330] GetCurrentProcess () returned 0xffffffff [0280.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73cb90*=0x752b50c8, NumberOfBytesToProtect=0x73cb94, NewAccessProtection=0x4, OldAccessProtection=0x73cbc8 | out: BaseAddress=0x73cb90*=0x752b5000, NumberOfBytesToProtect=0x73cb94, OldAccessProtection=0x73cbc8*=0x2) returned 0x0 [0280.330] GetCurrentProcess () returned 0xffffffff [0280.330] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73cb90*=0x752b50c8, NumberOfBytesToProtect=0x73cb94, NewAccessProtection=0x2, OldAccessProtection=0x73cbc8 | out: BaseAddress=0x73cb90*=0x752b5000, NumberOfBytesToProtect=0x73cb94, OldAccessProtection=0x73cbc8*=0x4) returned 0x0 [0280.330] SetLastError (dwErrCode=0x0) [0280.331] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoSizeW") returned 0x752b15c0 [0280.334] GetProcAddress (hModule=0x752b0000, lpProcName="GetFileVersionInfoW") returned 0x752b15e0 [0280.337] GetProcAddress (hModule=0x752b0000, lpProcName="VerQueryValueW") returned 0x752b1560 [0280.680] SysReAllocStringLen (in: pbstr=0x73a664*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73a664*="kernel32.dll") returned 1 [0280.680] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0280.680] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0280.683] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0280.691] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\a076de95458faf301b0890a85642988b\\smdiagnostics.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0280.692] GetLastError () returned 0x0 [0280.692] SysReAllocStringLen (in: pbstr=0x73a1ac*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", len=0x76 | out: pbstr=0x73a1ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux") returned 1 [0280.692] GetThreadLocale () returned 0x409 [0280.692] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0280.692] GetThreadLocale () returned 0x409 [0280.692] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0280.692] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x739f30, lpFilePart=0x739f2c | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", lpFilePart=0x739f2c*="SMDiagnostics.ni.dll.aux") returned 0x76 [0280.692] SysReAllocStringLen (in: pbstr=0x73a1ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", len=0x76 | out: pbstr=0x73a1ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux") returned 1 [0280.692] SysReAllocStringLen (in: pbstr=0x73a15c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", len=0x76 | out: pbstr=0x73a15c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux") returned 1 [0280.692] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", cchLength=0x76 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\a076de95458faf301b0890a85642988b\\smdiagnostics.ni.dll.aux") returned 0x76 [0280.692] SysReAllocStringLen (in: pbstr=0x73a1ac*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\a076de95458faf301b0890a85642988b\\smdiagnostics.ni.dll.aux", len=0x76 | out: pbstr=0x73a1ac*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\smdiagnostics\\a076de95458faf301b0890a85642988b\\smdiagnostics.ni.dll.aux") returned 1 [0280.692] SetLastError (dwErrCode=0x0) [0280.692] GetCurrentThreadId () returned 0xfe0 [0280.692] GetCurrentThreadId () returned 0xfe0 [0280.692] GetCurrentThreadId () returned 0xfe0 [0280.692] GetCurrentThreadId () returned 0xfe0 [0280.692] GetCurrentThreadId () returned 0xfe0 [0280.693] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] SetEvent (hEvent=0x1f8) returned 1 [0280.693] GetFileSize (in: hFile=0x474, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x39c [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] GetCurrentThreadId () returned 0xfe0 [0280.693] SetEvent (hEvent=0x1f8) returned 1 [0280.710] ReadFile (in: hFile=0x474, lpBuffer=0x9a7768, nNumberOfBytesToRead=0x39c, lpNumberOfBytesRead=0x73a260, lpOverlapped=0x0 | out: lpBuffer=0x9a7768*, lpNumberOfBytesRead=0x73a260*=0x39c, lpOverlapped=0x0) returned 1 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] ResetEvent (hEvent=0x1f4) returned 1 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] ResetEvent (hEvent=0x1f4) returned 1 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] GetCurrentThreadId () returned 0xfe0 [0280.712] SetEvent (hEvent=0x1f8) returned 1 [0280.713] SetEvent (hEvent=0x1f4) returned 1 [0280.713] CloseHandle (hObject=0x474) returned 1 [0280.757] SysReAllocStringLen (in: pbstr=0x739074*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x739074*="kernel32.dll") returned 1 [0280.757] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0280.758] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0280.761] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] ResetEvent (hEvent=0x1f4) returned 1 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] ResetEvent (hEvent=0x1f4) returned 1 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] GetCurrentThreadId () returned 0xfe0 [0280.764] SetEvent (hEvent=0x1f8) returned 1 [0280.764] SetEvent (hEvent=0x1f4) returned 1 [0280.764] CloseHandle (hObject=0x474) returned 1 [0280.771] SysReAllocStringLen (in: pbstr=0x739774*=0x0, psz="SMDiagnostics.ni.dll", len=0x14 | out: pbstr=0x739774*="SMDiagnostics.ni.dll") returned 1 [0280.771] CharLowerBuffW (in: lpsz="SMDiagnostics.ni.dll", cchLength=0x14 | out: lpsz="smdiagnostics.ni.dll") returned 0x14 [0280.772] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\SMDiagnostics\\a076de95458faf301b0890a85642988b\\SMDiagnostics.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6cd10000 [0280.802] GetLastError () returned 0x0 [0280.802] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0280.803] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0280.803] SetLastError (dwErrCode=0x0) [0281.668] SysReAllocStringLen (in: pbstr=0x73a4fc*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73a4fc*="kernel32.dll") returned 1 [0281.668] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0281.668] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0281.671] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0281.981] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0281.981] GetLastError () returned 0x0 [0281.999] SysReAllocStringLen (in: pbstr=0x739ed4*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739ed4*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0281.999] GetThreadLocale () returned 0x409 [0281.999] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0281.999] GetThreadLocale () returned 0x409 [0281.999] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0281.999] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", nBufferLength=0x104, lpBuffer=0x739c58, lpFilePart=0x739c54 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", lpFilePart=0x739c54*="System.IdentityModel.dll") returned 0x77 [0281.999] SysReAllocStringLen (in: pbstr=0x739ed4*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739ed4*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0281.999] SysReAllocStringLen (in: pbstr=0x739e84*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739e84*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0281.999] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchLength=0x77 | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") returned 0x77 [0281.999] SysReAllocStringLen (in: pbstr=0x739ed4*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll", len=0x77 | out: pbstr=0x739ed4*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") returned 1 [0281.999] SetLastError (dwErrCode=0x0) [0282.000] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4a0 [0282.000] GetLastError () returned 0x0 [0282.000] SysReAllocStringLen (in: pbstr=0x739c00*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739c00*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0282.000] GetThreadLocale () returned 0x409 [0282.000] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0282.000] GetThreadLocale () returned 0x409 [0282.000] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0282.000] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", nBufferLength=0x104, lpBuffer=0x739984, lpFilePart=0x739980 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", lpFilePart=0x739980*="System.IdentityModel.dll") returned 0x77 [0282.000] SysReAllocStringLen (in: pbstr=0x739c00*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739c00*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0282.000] SysReAllocStringLen (in: pbstr=0x739bb0*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", len=0x77 | out: pbstr=0x739bb0*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll") returned 1 [0282.000] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", cchLength=0x77 | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") returned 0x77 [0282.000] SysReAllocStringLen (in: pbstr=0x739c00*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.IdentityModel\\v4.0_4.0.0.0__b77a5c561934e089\\System.IdentityModel.dll", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll", len=0x77 | out: pbstr=0x739c00*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.identitymodel\\v4.0_4.0.0.0__b77a5c561934e089\\system.identitymodel.dll") returned 1 [0282.001] SetLastError (dwErrCode=0x0) [0282.002] CreateFileMappingW (hFile=0x474, lpFileMappingAttributes=0x0, flProtect=0x1000002, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x0, lpName=0x0) returned 0x4a4 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] ResetEvent (hEvent=0x1f4) returned 1 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] ResetEvent (hEvent=0x1f4) returned 1 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] GetCurrentThreadId () returned 0xfe0 [0282.074] SetEvent (hEvent=0x1f8) returned 1 [0282.074] SetEvent (hEvent=0x1f4) returned 1 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] SetEvent (hEvent=0x1f8) returned 1 [0282.075] MapViewOfFileEx (hFileMappingObject=0x4a4, dwDesiredAccess=0x0, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0, lpBaseAddress=0x0) returned 0x5780000 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.075] GetCurrentThreadId () returned 0xfe0 [0282.076] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.076] GetCurrentThreadId () returned 0xfe0 [0282.076] GetCurrentThreadId () returned 0xfe0 [0282.076] GetCurrentThreadId () returned 0xfe0 [0282.076] SetEvent (hEvent=0x1f8) returned 1 [0282.076] MapViewOfFileEx (hFileMappingObject=0x4a4, dwDesiredAccess=0x0, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0, lpBaseAddress=0x0) returned 0x5890000 [0282.092] UnmapViewOfFile (lpBaseAddress=0x5780000) returned 1 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] ResetEvent (hEvent=0x1f4) returned 1 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] ResetEvent (hEvent=0x1f4) returned 1 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] GetCurrentThreadId () returned 0xfe0 [0282.093] SetEvent (hEvent=0x1f8) returned 1 [0282.093] SetEvent (hEvent=0x1f4) returned 1 [0282.093] CloseHandle (hObject=0x4a0) returned 1 [0282.334] GetProcAddress (hModule=0x75ce0000, lpProcName="GetACP") returned 0x75d00320 [0282.334] GetACP () returned 0x4e4 [0282.339] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x73ea30, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x10204, lpName="Global\\NLS_CodePage_1252_3_2_0_0") returned 0x4a0 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] ResetEvent (hEvent=0x1f4) returned 1 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] ResetEvent (hEvent=0x1f4) returned 1 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] GetCurrentThreadId () returned 0xfe0 [0282.339] SetEvent (hEvent=0x1f8) returned 1 [0282.339] SetEvent (hEvent=0x1f4) returned 1 [0282.373] GetCurrentThreadId () returned 0xfe0 [0282.373] GetCurrentThreadId () returned 0xfe0 [0282.373] GetCurrentThreadId () returned 0xfe0 [0282.373] GetCurrentThreadId () returned 0xfe0 [0282.374] GetCurrentThreadId () returned 0xfe0 [0282.374] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.374] GetCurrentThreadId () returned 0xfe0 [0282.374] GetCurrentThreadId () returned 0xfe0 [0282.374] GetCurrentThreadId () returned 0xfe0 [0282.374] SetEvent (hEvent=0x1f8) returned 1 [0282.374] MapViewOfFile (hFileMappingObject=0x4a0, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x5790000 [0282.474] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0282.474] GetLastError () returned 0x0 [0282.497] SysReAllocStringLen (in: pbstr=0x73cacc*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x73cacc*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux") returned 1 [0282.498] GetThreadLocale () returned 0x409 [0282.498] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0282.498] GetThreadLocale () returned 0x409 [0282.498] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0282.498] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73c850, lpFilePart=0x73c84c | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", lpFilePart=0x73c84c*="System.Configuration.ni.dll.aux") returned 0x84 [0282.498] SysReAllocStringLen (in: pbstr=0x73cacc*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x73cacc*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux") returned 1 [0282.498] SysReAllocStringLen (in: pbstr=0x73ca7c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", len=0x84 | out: pbstr=0x73ca7c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux") returned 1 [0282.498] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", cchLength=0x84 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll.aux") returned 0x84 [0282.498] SysReAllocStringLen (in: pbstr=0x73cacc*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll.aux", len=0x84 | out: pbstr=0x73cacc*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\bdd5625eea3b03a8be11204987738096\\system.configuration.ni.dll.aux") returned 1 [0282.498] SetLastError (dwErrCode=0x0) [0282.498] GetCurrentThreadId () returned 0xfe0 [0282.498] GetCurrentThreadId () returned 0xfe0 [0282.498] GetCurrentThreadId () returned 0xfe0 [0282.498] GetCurrentThreadId () returned 0xfe0 [0282.498] GetCurrentThreadId () returned 0xfe0 [0282.498] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] SetEvent (hEvent=0x1f8) returned 1 [0282.499] GetFileSize (in: hFile=0x4ac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x360 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] SetEvent (hEvent=0x1f8) returned 1 [0282.499] ReadFile (in: hFile=0x4ac, lpBuffer=0x9fec70, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0x73cb80, lpOverlapped=0x0 | out: lpBuffer=0x9fec70*, lpNumberOfBytesRead=0x73cb80*=0x360, lpOverlapped=0x0) returned 1 [0282.499] GetCurrentThreadId () returned 0xfe0 [0282.499] ResetEvent (hEvent=0x1f4) returned 1 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] ResetEvent (hEvent=0x1f4) returned 1 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] GetCurrentThreadId () returned 0xfe0 [0282.500] SetEvent (hEvent=0x1f8) returned 1 [0282.500] SetEvent (hEvent=0x1f4) returned 1 [0282.500] CloseHandle (hObject=0x4ac) returned 1 [0282.510] SysReAllocStringLen (in: pbstr=0x73c094*=0x0, psz="System.Configuration.ni.dll", len=0x1b | out: pbstr=0x73c094*="System.Configuration.ni.dll") returned 1 [0282.510] CharLowerBuffW (in: lpsz="System.Configuration.ni.dll", cchLength=0x1b | out: lpsz="system.configuration.ni.dll") returned 0x1b [0282.511] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\bdd5625eea3b03a8be11204987738096\\System.Configuration.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6cc00000 [0282.529] GetLastError () returned 0x0 [0282.529] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0282.530] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0282.530] SetLastError (dwErrCode=0x0) [0282.734] SysReAllocStringLen (in: pbstr=0x73f0d4*=0x0, psz="kernel32", len=0x8 | out: pbstr=0x73f0d4*="kernel32") returned 1 [0282.734] CharLowerBuffW (in: lpsz="kernel32", cchLength=0x8 | out: lpsz="kernel32") returned 0x8 [0282.735] GetModuleHandleW (lpModuleName="kernel32") returned 0x75ce0000 [0282.755] GetProcAddress (hModule=0x75ce0000, lpProcName="CompareStringOrdinal") returned 0x75cf6170 [0282.759] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLongPathName") returned 0x0 [0282.762] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLongPathNameW") returned 0x75cfe1c0 [0282.762] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\", lpszLongPath=0x73ecd4, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\") returned 0x13 [0282.766] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFullPathName") returned 0x0 [0282.817] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFullPathNameW") returned 0x75d03330 [0282.817] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x105, lpBuffer=0x73ece8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x0) returned 0x3d [0282.830] CreateFileW (lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll.aux"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0282.830] GetLastError () returned 0x0 [0282.830] SysReAllocStringLen (in: pbstr=0x73c86c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x73c86c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux") returned 1 [0282.830] GetThreadLocale () returned 0x409 [0282.830] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0282.830] GetThreadLocale () returned 0x409 [0282.831] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0282.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", nBufferLength=0x104, lpBuffer=0x73c5f0, lpFilePart=0x73c5ec | out: lpBuffer="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", lpFilePart=0x73c5ec*="System.Xml.ni.dll.aux") returned 0x70 [0282.831] SysReAllocStringLen (in: pbstr=0x73c86c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x73c86c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux") returned 1 [0282.831] SysReAllocStringLen (in: pbstr=0x73c81c*=0x0, psz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", len=0x70 | out: pbstr=0x73c81c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux") returned 1 [0282.831] CharLowerBuffW (in: lpsz="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", cchLength=0x70 | out: lpsz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll.aux") returned 0x70 [0282.831] SysReAllocStringLen (in: pbstr=0x73c86c*="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll.aux", psz="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll.aux", len=0x70 | out: pbstr=0x73c86c*="c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\system.xml.ni.dll.aux") returned 1 [0282.831] SetLastError (dwErrCode=0x0) [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] SetEvent (hEvent=0x1f8) returned 1 [0282.831] GetFileSize (in: hFile=0x4ac, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x2ec [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.831] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] SetEvent (hEvent=0x1f8) returned 1 [0282.832] ReadFile (in: hFile=0x4ac, lpBuffer=0x9fec70, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0x73c920, lpOverlapped=0x0 | out: lpBuffer=0x9fec70*, lpNumberOfBytesRead=0x73c920*=0x2ec, lpOverlapped=0x0) returned 1 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] ResetEvent (hEvent=0x1f4) returned 1 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] ResetEvent (hEvent=0x1f4) returned 1 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] GetCurrentThreadId () returned 0xfe0 [0282.832] SetEvent (hEvent=0x1f8) returned 1 [0282.832] SetEvent (hEvent=0x1f4) returned 1 [0282.832] CloseHandle (hObject=0x4ac) returned 1 [0282.846] SysReAllocStringLen (in: pbstr=0x73b734*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73b734*="kernel32.dll") returned 1 [0282.846] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0282.846] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0282.849] GetProcAddress (hModule=0x75ce0000, lpProcName="GetNativeSystemInfo") returned 0x75d01e10 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] ResetEvent (hEvent=0x1f4) returned 1 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] ResetEvent (hEvent=0x1f4) returned 1 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] GetCurrentThreadId () returned 0xfe0 [0282.850] SetEvent (hEvent=0x1f8) returned 1 [0282.850] SetEvent (hEvent=0x1f4) returned 1 [0282.851] CloseHandle (hObject=0x4ac) returned 1 [0282.856] SysReAllocStringLen (in: pbstr=0x73be34*=0x0, psz="System.Xml.ni.dll", len=0x11 | out: pbstr=0x73be34*="System.Xml.ni.dll") returned 1 [0282.856] CharLowerBuffW (in: lpsz="System.Xml.ni.dll", cchLength=0x11 | out: lpsz="system.xml.ni.dll") returned 0x11 [0282.856] LoadLibraryExW (lpLibFileName="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\7a6051a5a51eaee0b23c3129fa6dc82c\\System.Xml.ni.dll", hFile=0x0, dwFlags=0x8) returned 0x6c480000 [0283.026] GetLastError () returned 0x0 [0283.026] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0283.026] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0283.027] SetLastError (dwErrCode=0x0) [0283.136] GetProcAddress (hModule=0x75ce0000, lpProcName="GetCurrentProcessW") returned 0x0 [0283.138] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessToken") returned 0x7600df20 [0283.139] GetProcAddress (hModule=0x75ff0000, lpProcName="OpenProcessTokenW") returned 0x0 [0283.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f020 | out: TokenHandle=0x73f020*=0x4a8) returned 1 [0283.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2f [0283.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x2f, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0283.201] SysReAllocStringLen (in: pbstr=0x73e7cc*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73e7cc*="ntdll.dll") returned 1 [0283.201] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0283.201] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77d40000 [0283.202] GetLastError () returned 0x0 [0283.202] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0283.202] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0283.202] SetLastError (dwErrCode=0x0) [0283.203] GetProcAddress (hModule=0x77d40000, lpProcName="NtQuerySystemInformation") returned 0x77db1410 [0283.206] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesEx") returned 0x0 [0283.209] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesExW") returned 0x75d03290 [0283.209] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x73f018 | out: lpFileInformation=0x73f018*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x82a37051, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0283.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0283.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0283.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x73f020 | out: lpFileInformation=0x73f020*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x82a37051, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0283.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0283.215] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x44, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0283.218] GetProcAddress (hModule=0x75ce0000, lpProcName="SetThreadErrorMode") returned 0x75cf95c0 [0283.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73ef58) returned 1 [0283.222] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateFile") returned 0x0 [0283.222] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4ac [0283.225] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileType") returned 0x75d032f0 [0283.225] GetFileType (hFile=0x4ac) returned 0x1 [0283.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73ef54) returned 1 [0283.225] GetFileType (hFile=0x4ac) returned 0x1 [0283.232] SysReAllocStringLen (in: pbstr=0x73dbe0*=0x0, psz="advapi32.dll", len=0xc | out: pbstr=0x73dbe0*="advapi32.dll") returned 1 [0283.232] CharLowerBuffW (in: lpsz="advapi32.dll", cchLength=0xc | out: lpsz="advapi32.dll") returned 0xc [0283.232] LoadLibraryExW (lpLibFileName="advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ff0000 [0283.232] GetLastError () returned 0x0 [0283.233] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0283.233] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0283.233] GetModuleFileNameA (in: hModule=0x75ff0000, lpFilename=0x73dac4, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0283.336] GetCurrentProcess () returned 0xffffffff [0283.336] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c28c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.337] GetCurrentProcess () returned 0xffffffff [0283.337] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c28c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.337] GetCurrentProcess () returned 0xffffffff [0283.337] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c294, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.338] GetCurrentProcess () returned 0xffffffff [0283.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c294, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.338] GetCurrentProcess () returned 0xffffffff [0283.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c01c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.338] GetCurrentProcess () returned 0xffffffff [0283.338] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c01c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.339] GetCurrentProcess () returned 0xffffffff [0283.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c020, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.339] GetCurrentProcess () returned 0xffffffff [0283.339] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c020, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.340] GetCurrentProcess () returned 0xffffffff [0283.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c02c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.340] GetCurrentProcess () returned 0xffffffff [0283.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c02c, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.340] GetCurrentProcess () returned 0xffffffff [0283.340] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c048, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.341] GetCurrentProcess () returned 0xffffffff [0283.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c048, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.341] GetCurrentProcess () returned 0xffffffff [0283.341] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c074, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.342] GetCurrentProcess () returned 0xffffffff [0283.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c074, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.342] GetCurrentProcess () returned 0xffffffff [0283.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0dc, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.342] GetCurrentProcess () returned 0xffffffff [0283.342] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0dc, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.343] GetCurrentProcess () returned 0xffffffff [0283.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0e0, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.343] GetCurrentProcess () returned 0xffffffff [0283.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0e0, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.343] GetCurrentProcess () returned 0xffffffff [0283.343] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0f8, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.344] GetCurrentProcess () returned 0xffffffff [0283.344] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c0f8, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.344] GetCurrentProcess () returned 0xffffffff [0283.344] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c124, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x4, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x2) returned 0x0 [0283.345] GetCurrentProcess () returned 0xffffffff [0283.345] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbc8*=0x7605c124, NumberOfBytesToProtect=0x73dbcc, NewAccessProtection=0x2, OldAccessProtection=0x73dc00 | out: BaseAddress=0x73dbc8*=0x7605c000, NumberOfBytesToProtect=0x73dbcc, OldAccessProtection=0x73dc00*=0x4) returned 0x0 [0283.345] SetLastError (dwErrCode=0x0) [0283.346] GetProcAddress (hModule=0x75ff0000, lpProcName="ConvertSidToStringSidW") returned 0x7600d9b0 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] ResetEvent (hEvent=0x1f4) returned 1 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] ResetEvent (hEvent=0x1f4) returned 1 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] GetCurrentThreadId () returned 0xfe0 [0283.347] SetEvent (hEvent=0x1f8) returned 1 [0283.347] SetEvent (hEvent=0x1f4) returned 1 [0283.347] CloseHandle (hObject=0x4b0) returned 1 [0283.347] SysReAllocStringLen (in: pbstr=0x73dc18*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x73dc18*="shell32.dll") returned 1 [0283.347] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0283.347] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x0) returned 0x76090000 [0283.348] GetLastError () returned 0x0 [0283.348] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0283.348] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0283.348] GetModuleFileNameA (in: hModule=0x76090000, lpFilename=0x73dafc, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0283.349] GetCurrentProcess () returned 0xffffffff [0283.349] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dc00*=0x765cea44, NumberOfBytesToProtect=0x73dc04, NewAccessProtection=0x4, OldAccessProtection=0x73dc38 | out: BaseAddress=0x73dc00*=0x765ce000, NumberOfBytesToProtect=0x73dc04, OldAccessProtection=0x73dc38*=0x2) returned 0x0 [0283.349] GetCurrentProcess () returned 0xffffffff [0283.349] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dc00*=0x765cea44, NumberOfBytesToProtect=0x73dc04, NewAccessProtection=0x2, OldAccessProtection=0x73dc38 | out: BaseAddress=0x73dc00*=0x765ce000, NumberOfBytesToProtect=0x73dc04, OldAccessProtection=0x73dc38*=0x4) returned 0x0 [0283.349] GetCurrentProcess () returned 0xffffffff [0283.349] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dc00*=0x765cea50, NumberOfBytesToProtect=0x73dc04, NewAccessProtection=0x4, OldAccessProtection=0x73dc38 | out: BaseAddress=0x73dc00*=0x765ce000, NumberOfBytesToProtect=0x73dc04, OldAccessProtection=0x73dc38*=0x2) returned 0x0 [0283.350] GetCurrentProcess () returned 0xffffffff [0283.350] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dc00*=0x765cea50, NumberOfBytesToProtect=0x73dc04, NewAccessProtection=0x2, OldAccessProtection=0x73dc38 | out: BaseAddress=0x73dc00*=0x765ce000, NumberOfBytesToProtect=0x73dc04, OldAccessProtection=0x73dc38*=0x4) returned 0x0 [0283.350] SetLastError (dwErrCode=0x0) [0283.351] GetProcAddress (hModule=0x76090000, lpProcName="SHGetFolderPathW") returned 0x761ebea0 [0283.457] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0283.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0283.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x44 [0283.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x44, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0283.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73e534) returned 1 [0283.463] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesEx") returned 0x0 [0283.466] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileAttributesExW") returned 0x75d03290 [0283.466] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x73e7f8 | out: lpFileInformation=0x73e7f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca4fcd11, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x82a37051, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x7b8c0d16, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0283.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73e530) returned 1 [0283.468] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0283.468] GetLastError () returned 0x0 [0283.468] SysReAllocStringLen (in: pbstr=0x73e3dc*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73e3dc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0283.468] GetThreadLocale () returned 0x409 [0283.468] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0283.468] GetThreadLocale () returned 0x409 [0283.468] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0283.468] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x104, lpBuffer=0x73e160, lpFilePart=0x73e15c | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x73e15c*="machine.config") returned 0x43 [0283.468] SysReAllocStringLen (in: pbstr=0x73e3dc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73e3dc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0283.468] SysReAllocStringLen (in: pbstr=0x73e38c*=0x0, psz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73e38c*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config") returned 1 [0283.468] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", cchLength=0x43 | out: lpsz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 0x43 [0283.469] SysReAllocStringLen (in: pbstr=0x73e3dc*="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", psz="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", len=0x43 | out: pbstr=0x73e3dc*="c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config") returned 1 [0283.469] SetLastError (dwErrCode=0x0) [0283.480] GetCurrentThreadId () returned 0xfe0 [0283.480] GetCurrentThreadId () returned 0xfe0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] GetCurrentThreadId () returned 0xfe0 [0283.481] SetEvent (hEvent=0x1f8) returned 1 [0283.481] ReadFile (in: hFile=0x4bc, lpBuffer=0x5691378, nNumberOfBytesToRead=0xfff, lpNumberOfBytesRead=0x73e3e4, lpOverlapped=0x0 | out: lpBuffer=0x5691378*, lpNumberOfBytesRead=0x73e3e4*=0xfff, lpOverlapped=0x0) returned 1 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] GetCurrentThreadId () returned 0xfe0 [0283.487] SetEvent (hEvent=0x1f8) returned 1 [0283.487] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a2ea8, nNumberOfBytesToRead=0x17f7, lpNumberOfBytesRead=0x73e3cc, lpOverlapped=0x0 | out: lpBuffer=0x56a2ea8*, lpNumberOfBytesRead=0x73e3cc*=0x17f7, lpOverlapped=0x0) returned 1 [0283.796] GetCurrentThreadId () returned 0xfe0 [0283.796] GetCurrentThreadId () returned 0xfe0 [0283.796] GetCurrentThreadId () returned 0xfe0 [0283.796] GetCurrentThreadId () returned 0xfe0 [0283.796] GetCurrentThreadId () returned 0xfe0 [0283.796] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.825] GetCurrentThreadId () returned 0xfe0 [0283.825] GetCurrentThreadId () returned 0xfe0 [0283.825] GetCurrentThreadId () returned 0xfe0 [0283.825] SetEvent (hEvent=0x1f8) returned 1 [0283.825] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a2ea8, nNumberOfBytesToRead=0x1001, lpNumberOfBytesRead=0x73e3dc, lpOverlapped=0x0 | out: lpBuffer=0x56a2ea8*, lpNumberOfBytesRead=0x73e3dc*=0x1001, lpOverlapped=0x0) returned 1 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] GetCurrentThreadId () returned 0xfe0 [0283.830] SetEvent (hEvent=0x1f8) returned 1 [0283.830] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a2ea8, nNumberOfBytesToRead=0x1002, lpNumberOfBytesRead=0x73e3dc, lpOverlapped=0x0 | out: lpBuffer=0x56a2ea8*, lpNumberOfBytesRead=0x73e3dc*=0x1002, lpOverlapped=0x0) returned 1 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.832] GetCurrentThreadId () returned 0xfe0 [0283.833] SetEvent (hEvent=0x1f8) returned 1 [0283.833] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a8eb8, nNumberOfBytesToRead=0x1f28, lpNumberOfBytesRead=0x73e3d0, lpOverlapped=0x0 | out: lpBuffer=0x56a8eb8*, lpNumberOfBytesRead=0x73e3d0*=0x1f28, lpOverlapped=0x0) returned 1 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] GetCurrentThreadId () returned 0xfe0 [0283.838] SetEvent (hEvent=0x1f8) returned 1 [0283.838] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a8eb8, nNumberOfBytesToRead=0x10a7, lpNumberOfBytesRead=0x73e3dc, lpOverlapped=0x0 | out: lpBuffer=0x56a8eb8*, lpNumberOfBytesRead=0x73e3dc*=0x10a7, lpOverlapped=0x0) returned 1 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] GetCurrentThreadId () returned 0xfe0 [0283.943] SetEvent (hEvent=0x1f8) returned 1 [0283.943] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a8eb8, nNumberOfBytesToRead=0x1018, lpNumberOfBytesRead=0x73e3dc, lpOverlapped=0x0 | out: lpBuffer=0x56a8eb8*, lpNumberOfBytesRead=0x73e3dc*=0x1018, lpOverlapped=0x0) returned 1 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] GetCurrentThreadId () returned 0xfe0 [0283.948] SetEvent (hEvent=0x1f8) returned 1 [0283.949] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a8eb8, nNumberOfBytesToRead=0x109d, lpNumberOfBytesRead=0x73e3d0, lpOverlapped=0x0 | out: lpBuffer=0x56a8eb8*, lpNumberOfBytesRead=0x73e3d0*=0x4ae, lpOverlapped=0x0) returned 1 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] WaitForSingleObject (hHandle=0x1f4, dwMilliseconds=0xffffffff) returned 0x0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] GetCurrentThreadId () returned 0xfe0 [0283.951] SetEvent (hEvent=0x1f8) returned 1 [0283.951] ReadFile (in: hFile=0x4bc, lpBuffer=0x56a2ea8, nNumberOfBytesToRead=0x1feb, lpNumberOfBytesRead=0x73e3d0, lpOverlapped=0x0 | out: lpBuffer=0x56a2ea8*, lpNumberOfBytesRead=0x73e3d0*=0x0, lpOverlapped=0x0) returned 1 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] ResetEvent (hEvent=0x1f4) returned 1 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] ResetEvent (hEvent=0x1f4) returned 1 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] GetCurrentThreadId () returned 0xfe0 [0283.952] SetEvent (hEvent=0x1f8) returned 1 [0283.952] SetEvent (hEvent=0x1f4) returned 1 [0283.952] CloseHandle (hObject=0x4bc) returned 1 [0284.027] SysReAllocStringLen (in: pbstr=0x73daac*=0x0, psz="bcrypt.dll", len=0xa | out: pbstr=0x73daac*="bcrypt.dll") returned 1 [0284.027] CharLowerBuffW (in: lpsz="bcrypt.dll", cchLength=0xa | out: lpsz="bcrypt.dll") returned 0xa [0284.028] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\bcrypt.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0284.028] GetLastError () returned 0x7e [0284.028] SetLastError (dwErrCode=0x7e) [0284.033] SysReAllocStringLen (in: pbstr=0x73daac*=0x0, psz="bcrypt.dll", len=0xa | out: pbstr=0x73daac*="bcrypt.dll") returned 1 [0284.033] CharLowerBuffW (in: lpsz="bcrypt.dll", cchLength=0xa | out: lpsz="bcrypt.dll") returned 0xa [0284.033] LoadLibraryExW (lpLibFileName="bcrypt.dll", hFile=0x0, dwFlags=0x800) returned 0x76070000 [0284.033] GetLastError () returned 0x0 [0284.033] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0284.034] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0284.034] GetModuleFileNameA (in: hModule=0x76070000, lpFilename=0x73d990, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0284.034] GetCurrentProcess () returned 0xffffffff [0284.034] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73da94*=0x76085050, NumberOfBytesToProtect=0x73da98, NewAccessProtection=0x4, OldAccessProtection=0x73dacc | out: BaseAddress=0x73da94*=0x76085000, NumberOfBytesToProtect=0x73da98, OldAccessProtection=0x73dacc*=0x2) returned 0x0 [0284.034] GetCurrentProcess () returned 0xffffffff [0284.034] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73da94*=0x76085050, NumberOfBytesToProtect=0x73da98, NewAccessProtection=0x2, OldAccessProtection=0x73dacc | out: BaseAddress=0x73da94*=0x76085000, NumberOfBytesToProtect=0x73da98, OldAccessProtection=0x73dacc*=0x4) returned 0x0 [0284.035] SetLastError (dwErrCode=0x0) [0284.035] GetProcAddress (hModule=0x76070000, lpProcName="BCryptGetFipsAlgorithmMode") returned 0x76079570 [0284.036] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x73e6c4 | out: pfEnabled=0x73e6c4) returned 0x0 [0284.066] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x73efa4 | out: phkResult=0x73efa4*=0x0) returned 0x2 [0284.066] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x73efa4 | out: phkResult=0x73efa4*=0x0) returned 0x2 [0284.068] GetFileSize (in: hFile=0x4ac, lpFileSizeHigh=0x73f014 | out: lpFileSizeHigh=0x73f014*=0x0) returned 0x8c8e [0284.070] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73efd0, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73efd0*=0x1000, lpOverlapped=0x0) returned 1 [0284.084] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ee80, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ee80*=0x1000, lpOverlapped=0x0) returned 1 [0284.086] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ed34, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ed34*=0x1000, lpOverlapped=0x0) returned 1 [0284.087] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ed34, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ed34*=0x1000, lpOverlapped=0x0) returned 1 [0284.087] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ed34, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ed34*=0x1000, lpOverlapped=0x0) returned 1 [0284.087] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ec6c, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ec6c*=0x1000, lpOverlapped=0x0) returned 1 [0284.143] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73edd8, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73edd8*=0x1000, lpOverlapped=0x0) returned 1 [0284.146] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73eccc, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73eccc*=0x1000, lpOverlapped=0x0) returned 1 [0284.147] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73eccc, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73eccc*=0xc8e, lpOverlapped=0x0) returned 1 [0284.147] ReadFile (in: hFile=0x4ac, lpBuffer=0x2fbf044, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73ed90, lpOverlapped=0x0 | out: lpBuffer=0x2fbf044*, lpNumberOfBytesRead=0x73ed90*=0x0, lpOverlapped=0x0) returned 1 [0284.148] CloseHandle (hObject=0x4ac) returned 1 [0284.148] CloseHandle (hObject=0x4a8) returned 1 [0284.150] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f16c | out: TokenHandle=0x73f16c*=0x4a8) returned 1 [0284.151] CloseHandle (hObject=0x4a8) returned 1 [0284.151] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f16c | out: TokenHandle=0x73f16c*=0x4a8) returned 1 [0284.155] CloseHandle (hObject=0x4a8) returned 1 [0284.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f020 | out: TokenHandle=0x73f020*=0x4a8) returned 1 [0284.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x73f018 | out: lpFileInformation=0x73f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.231] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x3e [0284.232] GetFullPathNameW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", nBufferLength=0x3e, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config", lpFilePart=0x0) returned 0x3d [0284.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe.config" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x73f020 | out: lpFileInformation=0x73f020*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0284.232] CloseHandle (hObject=0x4a8) returned 1 [0284.233] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f16c | out: TokenHandle=0x73f16c*=0x4a8) returned 1 [0284.233] CloseHandle (hObject=0x4a8) returned 1 [0284.234] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f16c | out: TokenHandle=0x73f16c*=0x4a8) returned 1 [0284.235] CloseHandle (hObject=0x4a8) returned 1 [0284.254] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef84 | out: TokenHandle=0x73ef84*=0x4a8) returned 1 [0284.314] CloseHandle (hObject=0x4a8) returned 1 [0284.314] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef9c | out: TokenHandle=0x73ef9c*=0x4a8) returned 1 [0284.316] CloseHandle (hObject=0x4a8) returned 1 [0284.330] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a8 [0284.331] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4ac [0284.336] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef7c | out: TokenHandle=0x73ef7c*=0x4c0) returned 1 [0284.343] CloseHandle (hObject=0x4c0) returned 1 [0284.344] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef94 | out: TokenHandle=0x73ef94*=0x4c0) returned 1 [0284.344] CloseHandle (hObject=0x4c0) returned 1 [0284.349] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef84 | out: TokenHandle=0x73ef84*=0x4c0) returned 1 [0284.355] CloseHandle (hObject=0x4c0) returned 1 [0284.356] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef9c | out: TokenHandle=0x73ef9c*=0x4c0) returned 1 [0284.356] CloseHandle (hObject=0x4c0) returned 1 [0284.369] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x73e46c | out: phkResult=0x73e46c*=0x4c0) returned 0x0 [0284.370] RegQueryValueExW (in: hKey=0x4c0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x73e48c, lpData=0x0, lpcbData=0x73e488*=0x0 | out: lpType=0x73e48c*=0x1, lpData=0x0, lpcbData=0x73e488*=0xe) returned 0x0 [0284.370] RegQueryValueExW (in: hKey=0x4c0, lpValueName="InstallationType", lpReserved=0x0, lpType=0x73e48c, lpData=0x2fdfb68, lpcbData=0x73e488*=0xe | out: lpType=0x73e48c*=0x1, lpData="Client", lpcbData=0x73e488*=0xe) returned 0x0 [0284.370] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.385] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x4c0) returned 0x0 [0284.386] RegQueryValueExW (in: hKey=0x4c0, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x73f254, lpData=0x0, lpcbData=0x73f250*=0x0 | out: lpType=0x73f254*=0x0, lpData=0x0, lpcbData=0x73f250*=0x0) returned 0x2 [0284.386] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.427] GetProcAddress (hModule=0x75ce0000, lpProcName="OpenProcess") returned 0x75d00590 [0284.430] GetProcAddress (hModule=0x75ce0000, lpProcName="OpenProcessW") returned 0x0 [0284.430] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.431] SysReAllocStringLen (in: pbstr=0x73e5b4*=0x0, psz="psapi.dll", len=0x9 | out: pbstr=0x73e5b4*="psapi.dll") returned 1 [0284.496] CharLowerBuffW (in: lpsz="psapi.dll", cchLength=0x9 | out: lpsz="psapi.dll") returned 0x9 [0284.496] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\psapi.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0284.497] GetLastError () returned 0x7e [0284.497] SetLastError (dwErrCode=0x7e) [0284.502] SysReAllocStringLen (in: pbstr=0x73e5b4*=0x0, psz="psapi.dll", len=0x9 | out: pbstr=0x73e5b4*="psapi.dll") returned 1 [0284.502] CharLowerBuffW (in: lpsz="psapi.dll", cchLength=0x9 | out: lpsz="psapi.dll") returned 0x9 [0284.502] LoadLibraryExW (lpLibFileName="psapi.dll", hFile=0x0, dwFlags=0x800) returned 0x75f50000 [0284.506] GetLastError () returned 0x0 [0284.507] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0284.507] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0284.507] GetModuleFileNameA (in: hModule=0x75f50000, lpFilename=0x73e498, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0284.507] GetCurrentProcess () returned 0xffffffff [0284.524] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e59c*=0x75f53008, NumberOfBytesToProtect=0x73e5a0, NewAccessProtection=0x4, OldAccessProtection=0x73e5d4 | out: BaseAddress=0x73e59c*=0x75f53000, NumberOfBytesToProtect=0x73e5a0, OldAccessProtection=0x73e5d4*=0x2) returned 0x0 [0284.524] GetCurrentProcess () returned 0xffffffff [0284.524] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e59c*=0x75f53008, NumberOfBytesToProtect=0x73e5a0, NewAccessProtection=0x2, OldAccessProtection=0x73e5d4 | out: BaseAddress=0x73e59c*=0x75f53000, NumberOfBytesToProtect=0x73e5a0, OldAccessProtection=0x73e5d4*=0x4) returned 0x0 [0284.525] SetLastError (dwErrCode=0x0) [0284.525] GetProcAddress (hModule=0x75f50000, lpProcName="EnumProcessModules") returned 0x75f513a0 [0284.526] GetProcAddress (hModule=0x75f50000, lpProcName="EnumProcessModulesW") returned 0x0 [0284.526] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2fe0410, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2fe0410, lpcbNeeded=0x73f244) returned 1 [0284.529] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleInformation") returned 0x75f51440 [0284.529] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleInformationW") returned 0x0 [0284.529] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2fe0550, cb=0xc | out: lpmodinfo=0x2fe0550*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.530] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleBaseName") returned 0x0 [0284.531] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleBaseNameW") returned 0x75f51400 [0284.531] GetProcAddress (hModule=0x77290000, lpProcName="CoTaskMemAlloc") returned 0x778e1e30 [0284.531] CoTaskMemAlloc (cb=0x804) returned 0x56a4008 [0284.531] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a4008, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.532] GetProcAddress (hModule=0x77290000, lpProcName="CoTaskMemFree") returned 0x778e1fb0 [0284.532] CoTaskMemFree (pv=0x56a4008) [0284.533] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleFileNameEx") returned 0x0 [0284.533] GetProcAddress (hModule=0x75f50000, lpProcName="GetModuleFileNameExW") returned 0x75f51420 [0284.533] CoTaskMemAlloc (cb=0x804) returned 0x56a4008 [0284.533] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a4008, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.534] CoTaskMemFree (pv=0x56a4008) [0284.534] CloseHandle (hObject=0x4c0) returned 1 [0284.536] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.536] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.575] LocalAlloc (uFlags=0x0, uBytes=0x6c) returned 0x98b2a0 [0284.581] GetProcAddress (hModule=0x75ce0000, lpProcName="GetLongPathNameW") returned 0x75cfe1c0 [0284.581] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.586] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalReAlloc") returned 0x75cf8aa0 [0284.587] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.587] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.592] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.593] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.593] RegQueryValueExW (in: hKey=0x4c0, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.593] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.594] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.594] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2fe3044, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2fe3044, lpcbNeeded=0x73f244) returned 1 [0284.596] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2fe3184, cb=0xc | out: lpmodinfo=0x2fe3184*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.596] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.596] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.596] CoTaskMemFree (pv=0x56a45a0) [0284.596] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.596] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.597] CoTaskMemFree (pv=0x56a45a0) [0284.597] CloseHandle (hObject=0x4c0) returned 1 [0284.597] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.597] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.597] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.598] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.600] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.602] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.602] RegQueryValueExW (in: hKey=0x4c0, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.602] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.602] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.603] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2fe5b18, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2fe5b18, lpcbNeeded=0x73f244) returned 1 [0284.604] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2fe5c58, cb=0xc | out: lpmodinfo=0x2fe5c58*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.604] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.604] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.605] CoTaskMemFree (pv=0x56a45a0) [0284.605] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.605] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.606] CoTaskMemFree (pv=0x56a45a0) [0284.606] CloseHandle (hObject=0x4c0) returned 1 [0284.606] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.606] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.606] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.607] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.607] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.609] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.609] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.610] RegQueryValueExW (in: hKey=0x4c0, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.610] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.610] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.610] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2fe85d8, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2fe85d8, lpcbNeeded=0x73f244) returned 1 [0284.612] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2fe8718, cb=0xc | out: lpmodinfo=0x2fe8718*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.612] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.612] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.612] CoTaskMemFree (pv=0x56a45a0) [0284.612] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.612] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.613] CoTaskMemFree (pv=0x56a45a0) [0284.613] CloseHandle (hObject=0x4c0) returned 1 [0284.613] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.613] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.613] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.614] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.614] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.616] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.617] RegQueryValueExW (in: hKey=0x4c0, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.617] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.617] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.617] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2feb00c, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2feb00c, lpcbNeeded=0x73f244) returned 1 [0284.619] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2feb14c, cb=0xc | out: lpmodinfo=0x2feb14c*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.619] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.619] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.619] CoTaskMemFree (pv=0x56a45a0) [0284.619] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.619] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.620] CoTaskMemFree (pv=0x56a45a0) [0284.620] CloseHandle (hObject=0x4c0) returned 1 [0284.620] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.620] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.620] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.673] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.673] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.675] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.676] RegQueryValueExW (in: hKey=0x4c0, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.676] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.677] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.677] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2feda24, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2feda24, lpcbNeeded=0x73f244) returned 1 [0284.678] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2fedb64, cb=0xc | out: lpmodinfo=0x2fedb64*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.679] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.679] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.679] CoTaskMemFree (pv=0x56a45a0) [0284.679] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.679] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.680] CoTaskMemFree (pv=0x56a45a0) [0284.680] CloseHandle (hObject=0x4c0) returned 1 [0284.680] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.680] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.680] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.682] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.682] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.685] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.687] RegQueryValueExW (in: hKey=0x4c0, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x0, lpData=0x0, lpcbData=0x73f254*=0x0) returned 0x2 [0284.687] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.696] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.697] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x4, lpData=0x0, lpcbData=0x73f254*=0x4) returned 0x0 [0284.697] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueEx") returned 0x0 [0284.698] GetProcAddress (hModule=0x75ff0000, lpProcName="RegQueryValueExW") returned 0x7600ddd0 [0284.698] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x73f258, lpData=0x73f244, lpcbData=0x73f254*=0x4 | out: lpType=0x73f258*=0x4, lpData=0x73f244*=0x1, lpcbData=0x73f254*=0x4) returned 0x0 [0284.701] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x73f290, lpData=0x0, lpcbData=0x73f28c*=0x0 | out: lpType=0x73f290*=0x4, lpData=0x0, lpcbData=0x73f28c*=0x4) returned 0x0 [0284.704] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.705] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.705] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2ff14e8, cb=0x100, lpcbNeeded=0x73f240 | out: lphModule=0x2ff14e8, lpcbNeeded=0x73f240) returned 1 [0284.707] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2ff1628, cb=0xc | out: lpmodinfo=0x2ff1628*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.707] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.707] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.708] CoTaskMemFree (pv=0x56a45a0) [0284.709] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.709] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.709] CoTaskMemFree (pv=0x56a45a0) [0284.709] CloseHandle (hObject=0x4c0) returned 1 [0284.709] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.709] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.709] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.711] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.711] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x0) returned 0x2 [0284.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x4c0) returned 0x0 [0284.714] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x73f254, lpData=0x0, lpcbData=0x73f250*=0x0 | out: lpType=0x73f254*=0x0, lpData=0x0, lpcbData=0x73f250*=0x0) returned 0x2 [0284.714] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.762] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x4c0) returned 0x0 [0284.762] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x73f258, lpData=0x0, lpcbData=0x73f254*=0x0 | out: lpType=0x73f258*=0x4, lpData=0x0, lpcbData=0x73f254*=0x4) returned 0x0 [0284.762] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x73f258, lpData=0x73f244, lpcbData=0x73f254*=0x4 | out: lpType=0x73f258*=0x4, lpData=0x73f244*=0x1, lpcbData=0x73f254*=0x4) returned 0x0 [0284.762] RegQueryValueExW (in: hKey=0x4c0, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x73f290, lpData=0x0, lpcbData=0x73f28c*=0x0 | out: lpType=0x73f290*=0x4, lpData=0x0, lpcbData=0x73f28c*=0x4) returned 0x0 [0284.763] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.763] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.763] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2ff41d4, cb=0x100, lpcbNeeded=0x73f244 | out: lphModule=0x2ff41d4, lpcbNeeded=0x73f244) returned 1 [0284.765] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2ff4314, cb=0xc | out: lpmodinfo=0x2ff4314*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.765] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.765] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.765] CoTaskMemFree (pv=0x56a45a0) [0284.765] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.765] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.766] CoTaskMemFree (pv=0x56a45a0) [0284.766] CloseHandle (hObject=0x4c0) returned 1 [0284.766] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.766] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.766] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.768] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.768] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.769] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SystemDefaultTlsVersions", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f23c | out: phkResult=0x73f23c*=0x0) returned 0x2 [0284.770] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.770] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2ff6a6c, cb=0x100, lpcbNeeded=0x73f240 | out: lphModule=0x2ff6a6c, lpcbNeeded=0x73f240) returned 1 [0284.772] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2ff6bac, cb=0xc | out: lpmodinfo=0x2ff6bac*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.772] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.772] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.772] CoTaskMemFree (pv=0x56a45a0) [0284.772] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.772] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.773] CoTaskMemFree (pv=0x56a45a0) [0284.773] CloseHandle (hObject=0x4c0) returned 1 [0284.773] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.773] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.773] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.774] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.774] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x0) returned 0x2 [0284.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x4c0) returned 0x0 [0284.777] RegQueryValueExW (in: hKey=0x4c0, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x73f254, lpData=0x0, lpcbData=0x73f250*=0x0 | out: lpType=0x73f254*=0x0, lpData=0x0, lpcbData=0x73f250*=0x0) returned 0x2 [0284.777] RegCloseKey (hKey=0x4c0) returned 0x0 [0284.779] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1428) returned 0x4c0 [0284.779] EnumProcessModules (in: hProcess=0x4c0, lphModule=0x2ff9498, cb=0x100, lpcbNeeded=0x73f240 | out: lphModule=0x2ff9498, lpcbNeeded=0x73f240) returned 1 [0284.780] GetModuleInformation (in: hProcess=0x4c0, hModule=0x20000, lpmodinfo=0x2ff95d8, cb=0xc | out: lpmodinfo=0x2ff95d8*(lpBaseOfDll=0x20000, SizeOfImage=0x388000, EntryPoint=0x2873f)) returned 1 [0284.780] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.781] GetModuleBaseNameW (in: hProcess=0x4c0, hModule=0x20000, lpBaseName=0x56a45a0, nSize=0x800 | out: lpBaseName="gesf.exe") returned 0x8 [0284.781] CoTaskMemFree (pv=0x56a45a0) [0284.781] CoTaskMemAlloc (cb=0x804) returned 0x56a45a0 [0284.781] GetModuleFileNameExW (in: hProcess=0x4c0, hModule=0x20000, lpFilename=0x56a45a0, nSize=0x800 | out: lpFilename="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe")) returned 0x35 [0284.781] CoTaskMemFree (pv=0x56a45a0) [0284.781] CloseHandle (hObject=0x4c0) returned 1 [0284.782] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0284.782] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x994528, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0284.782] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0284.783] LocalReAlloc (hMem=0x994528, uBytes=0x6e, uFlags=0x2) returned 0x994528 [0284.783] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x994528, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0284.785] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f238 | out: phkResult=0x73f238*=0x0) returned 0x2 [0284.860] GetProcAddress (hModule=0x75ce0000, lpProcName="QueryPerformanceFrequency") returned 0x75d01640 [0284.861] QueryPerformanceFrequency (in: lpFrequency=0x24869c0 | out: lpFrequency=0x24869c0*=100000000) returned 1 [0284.864] GetProcAddress (hModule=0x75ce0000, lpProcName="QueryPerformanceCounter") returned 0x75cfdea0 [0284.864] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2725261699991) returned 1 [0284.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef58 | out: TokenHandle=0x73ef58*=0x4c0) returned 1 [0284.874] CloseHandle (hObject=0x4c0) returned 1 [0284.874] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef70 | out: TokenHandle=0x73ef70*=0x4c0) returned 1 [0284.875] CloseHandle (hObject=0x4c0) returned 1 [0284.879] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f228 | out: TokenHandle=0x73f228*=0x4c0) returned 1 [0284.882] SysReAllocStringLen (in: pbstr=0x73e5ec*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x73e5ec*="rasapi32.dll") returned 1 [0284.919] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0284.919] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\rasapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0284.920] GetLastError () returned 0x7e [0284.920] SetLastError (dwErrCode=0x7e) [0284.925] SysReAllocStringLen (in: pbstr=0x73e5ec*=0x0, psz="rasapi32.dll", len=0xc | out: pbstr=0x73e5ec*="rasapi32.dll") returned 1 [0284.925] CharLowerBuffW (in: lpsz="rasapi32.dll", cchLength=0xc | out: lpsz="rasapi32.dll") returned 0xc [0284.925] LoadLibraryExW (lpLibFileName="rasapi32.dll", hFile=0x0, dwFlags=0x800) returned 0x6c3a0000 [0284.951] GetLastError () returned 0x0 [0284.951] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0284.952] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0284.952] GetModuleFileNameA (in: hModule=0x6c3a0000, lpFilename=0x73e4d0, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0284.952] GetCurrentProcess () returned 0xffffffff [0284.952] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5d4*=0x6c46811c, NumberOfBytesToProtect=0x73e5d8, NewAccessProtection=0x4, OldAccessProtection=0x73e60c | out: BaseAddress=0x73e5d4*=0x6c468000, NumberOfBytesToProtect=0x73e5d8, OldAccessProtection=0x73e60c*=0x2) returned 0x0 [0284.952] GetCurrentProcess () returned 0xffffffff [0284.952] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5d4*=0x6c46811c, NumberOfBytesToProtect=0x73e5d8, NewAccessProtection=0x2, OldAccessProtection=0x73e60c | out: BaseAddress=0x73e5d4*=0x6c468000, NumberOfBytesToProtect=0x73e5d8, OldAccessProtection=0x73e60c*=0x4) returned 0x0 [0284.953] GetCurrentProcess () returned 0xffffffff [0284.953] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5d4*=0x6c468144, NumberOfBytesToProtect=0x73e5d8, NewAccessProtection=0x4, OldAccessProtection=0x73e60c | out: BaseAddress=0x73e5d4*=0x6c468000, NumberOfBytesToProtect=0x73e5d8, OldAccessProtection=0x73e60c*=0x2) returned 0x0 [0284.953] GetCurrentProcess () returned 0xffffffff [0284.953] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5d4*=0x6c468144, NumberOfBytesToProtect=0x73e5d8, NewAccessProtection=0x2, OldAccessProtection=0x73e60c | out: BaseAddress=0x73e5d4*=0x6c468000, NumberOfBytesToProtect=0x73e5d8, OldAccessProtection=0x73e60c*=0x4) returned 0x0 [0284.953] SetLastError (dwErrCode=0x0) [0284.954] GetProcAddress (hModule=0x6c3a0000, lpProcName="RasEnumConnections") returned 0x0 [0284.954] GetProcAddress (hModule=0x6c3a0000, lpProcName="RasEnumConnectionsW") returned 0x6c3c29f0 [0284.955] CoTaskMemAlloc (cb=0xcc0) returned 0x56a45a0 [0284.955] RasEnumConnectionsW (in: param_1=0x56a45a0, param_2=0x73f238, param_3=0x73f23c | out: param_1=0x56a45a0, param_2=0x73f238, param_3=0x73f23c) returned 0x0 [0285.101] CoTaskMemFree (pv=0x56a45a0) [0285.104] SysReAllocStringLen (in: pbstr=0x73e5c4*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x73e5c4*="ws2_32.dll") returned 1 [0285.104] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0285.104] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0285.104] GetLastError () returned 0x7e [0285.104] SetLastError (dwErrCode=0x7e) [0285.113] SysReAllocStringLen (in: pbstr=0x73e5c4*=0x0, psz="ws2_32.dll", len=0xa | out: pbstr=0x73e5c4*="ws2_32.dll") returned 1 [0285.113] CharLowerBuffW (in: lpsz="ws2_32.dll", cchLength=0xa | out: lpsz="ws2_32.dll") returned 0xa [0285.113] LoadLibraryExW (lpLibFileName="ws2_32.dll", hFile=0x0, dwFlags=0x800) returned 0x766d0000 [0285.114] GetLastError () returned 0x0 [0285.114] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0285.114] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0285.114] GetModuleFileNameA (in: hModule=0x766d0000, lpFilename=0x73e4a8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0285.114] GetCurrentProcess () returned 0xffffffff [0285.114] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5ac*=0x767191b8, NumberOfBytesToProtect=0x73e5b0, NewAccessProtection=0x4, OldAccessProtection=0x73e5e4 | out: BaseAddress=0x73e5ac*=0x76719000, NumberOfBytesToProtect=0x73e5b0, OldAccessProtection=0x73e5e4*=0x2) returned 0x0 [0285.115] GetCurrentProcess () returned 0xffffffff [0285.115] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5ac*=0x767191b8, NumberOfBytesToProtect=0x73e5b0, NewAccessProtection=0x2, OldAccessProtection=0x73e5e4 | out: BaseAddress=0x73e5ac*=0x76719000, NumberOfBytesToProtect=0x73e5b0, OldAccessProtection=0x73e5e4*=0x4) returned 0x0 [0285.115] GetCurrentProcess () returned 0xffffffff [0285.115] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5ac*=0x767191d0, NumberOfBytesToProtect=0x73e5b0, NewAccessProtection=0x4, OldAccessProtection=0x73e5e4 | out: BaseAddress=0x73e5ac*=0x76719000, NumberOfBytesToProtect=0x73e5b0, OldAccessProtection=0x73e5e4*=0x2) returned 0x0 [0285.116] GetCurrentProcess () returned 0xffffffff [0285.116] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e5ac*=0x767191d0, NumberOfBytesToProtect=0x73e5b0, NewAccessProtection=0x2, OldAccessProtection=0x73e5e4 | out: BaseAddress=0x73e5ac*=0x76719000, NumberOfBytesToProtect=0x73e5b0, OldAccessProtection=0x73e5e4*=0x4) returned 0x0 [0285.116] SetLastError (dwErrCode=0x0) [0285.117] GetProcAddress (hModule=0x766d0000, lpProcName="WSAStartup") returned 0x766d9cc0 [0285.117] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x73f020 | out: lpWSAData=0x73f020) returned 0 [0285.463] GetProcAddress (hModule=0x766d0000, lpProcName="WSASocket") returned 0x0 [0285.467] GetProcAddress (hModule=0x766d0000, lpProcName="WSASocketW") returned 0x766dcbc0 [0285.469] GetProcAddress (hModule=0x766d0000, lpProcName="setsockopt") returned 0x766df070 [0285.470] GetProcAddress (hModule=0x766d0000, lpProcName="WSAEventSelect") returned 0x766dc860 [0285.470] GetProcAddress (hModule=0x766d0000, lpProcName="ioctlsocket") returned 0x766e2520 [0285.470] GetProcAddress (hModule=0x766d0000, lpProcName="closesocket") returned 0x766dea60 [0285.471] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x518 [0286.460] setsockopt (s=0x518, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0286.460] closesocket (s=0x518) returned 0 [0286.461] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x518 [0286.465] setsockopt (s=0x518, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0286.465] closesocket (s=0x518) returned 0 [0286.466] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x518 [0286.488] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x51c [0286.490] GetProcAddress (hModule=0x766d0000, lpProcName="ioctlsocket") returned 0x766e2520 [0286.614] ioctlsocket (in: s=0x518, cmd=-2147195266, argp=0x73f240 | out: argp=0x73f240) returned 0 [0286.615] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x520 [0286.616] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x524 [0286.616] ioctlsocket (in: s=0x520, cmd=-2147195266, argp=0x73f240 | out: argp=0x73f240) returned 0 [0286.618] GetProcAddress (hModule=0x766d0000, lpProcName="WSAIoctl") returned 0x766df3b0 [0286.618] WSAIoctl (in: s=0x518, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x73f228, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x73f228, lpOverlapped=0x0) returned -1 [0286.623] GetProcAddress (hModule=0x75ce0000, lpProcName="FormatMessage") returned 0x0 [0286.634] GetProcAddress (hModule=0x75ce0000, lpProcName="FormatMessageW") returned 0x75d01b20 [0286.634] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x73ef58, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0286.645] GetProcAddress (hModule=0x766d0000, lpProcName="WSAEventSelect") returned 0x766dc860 [0286.645] WSAEventSelect (s=0x518, hEventObject=0x51c, lNetworkEvents=512) returned 0 [0286.645] WSAIoctl (in: s=0x520, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x73f228, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x73f228, lpOverlapped=0x0) returned -1 [0286.646] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x73ef58, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0286.646] WSAEventSelect (s=0x520, hEventObject=0x524, lNetworkEvents=512) returned 0 [0286.646] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x52c [0286.647] GetProcAddress (hModule=0x6c3a0000, lpProcName="RasConnectionNotification") returned 0x0 [0286.648] GetProcAddress (hModule=0x6c3a0000, lpProcName="RasConnectionNotificationW") returned 0x6c3c0930 [0286.648] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x52c, param_3=0x3) returned 0x0 [0286.669] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenCurrentUser") returned 0x7600f6f0 [0286.669] GetProcAddress (hModule=0x75ff0000, lpProcName="RegCloseKey") returned 0x7600e010 [0286.669] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x73f254 | out: phkResult=0x73f254*=0x544) returned 0x0 [0286.670] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyEx") returned 0x0 [0286.676] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyExW") returned 0x7600dea0 [0286.676] RegOpenKeyExW (in: hKey=0x544, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f208 | out: phkResult=0x73f208*=0x548) returned 0x0 [0286.676] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0286.677] GetProcAddress (hModule=0x75ff0000, lpProcName="RegNotifyChangeKeyValue") returned 0x7600f2c0 [0286.677] RegNotifyChangeKeyValue (hKey=0x548, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x54c, fAsynchronous=1) returned 0x0 [0286.678] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyEx") returned 0x0 [0286.678] GetProcAddress (hModule=0x75ff0000, lpProcName="RegOpenKeyExW") returned 0x7600dea0 [0286.679] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f20c | out: phkResult=0x73f20c*=0x550) returned 0x0 [0286.679] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x554 [0286.679] RegNotifyChangeKeyValue (hKey=0x550, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x554, fAsynchronous=1) returned 0x0 [0286.680] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x73f20c | out: phkResult=0x73f20c*=0x558) returned 0x0 [0286.680] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x55c [0286.680] RegNotifyChangeKeyValue (hKey=0x558, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x55c, fAsynchronous=1) returned 0x0 [0286.681] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73f1fc | out: TokenHandle=0x73f1fc*=0x560) returned 1 [0286.686] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x73eb00 | out: phkResult=0x73eb00*=0x570) returned 0x0 [0286.805] RegQueryValueExW (in: hKey=0x570, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x73eb1c, lpData=0x0, lpcbData=0x73eb18*=0x0 | out: lpType=0x73eb1c*=0x0, lpData=0x0, lpcbData=0x73eb18*=0x0) returned 0x2 [0286.805] RegCloseKey (hKey=0x570) returned 0x0 [0286.915] SysReAllocStringLen (in: pbstr=0x73e62c*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x73e62c*="winhttp.dll") returned 1 [0286.916] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0286.916] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\winhttp.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0286.916] GetLastError () returned 0x7e [0286.917] SetLastError (dwErrCode=0x7e) [0286.927] SysReAllocStringLen (in: pbstr=0x73e62c*=0x0, psz="winhttp.dll", len=0xb | out: pbstr=0x73e62c*="winhttp.dll") returned 1 [0286.927] CharLowerBuffW (in: lpsz="winhttp.dll", cchLength=0xb | out: lpsz="winhttp.dll") returned 0xb [0286.927] LoadLibraryExW (lpLibFileName="winhttp.dll", hFile=0x0, dwFlags=0x800) returned 0x751b0000 [0286.944] GetLastError () returned 0x0 [0286.992] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0286.992] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0286.992] GetModuleFileNameA (in: hModule=0x751b0000, lpFilename=0x73e510, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0286.993] GetCurrentProcess () returned 0xffffffff [0286.993] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e614*=0x7525f164, NumberOfBytesToProtect=0x73e618, NewAccessProtection=0x4, OldAccessProtection=0x73e64c | out: BaseAddress=0x73e614*=0x7525f000, NumberOfBytesToProtect=0x73e618, OldAccessProtection=0x73e64c*=0x2) returned 0x0 [0286.993] GetCurrentProcess () returned 0xffffffff [0286.993] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e614*=0x7525f164, NumberOfBytesToProtect=0x73e618, NewAccessProtection=0x2, OldAccessProtection=0x73e64c | out: BaseAddress=0x73e614*=0x7525f000, NumberOfBytesToProtect=0x73e618, OldAccessProtection=0x73e64c*=0x4) returned 0x0 [0286.994] GetCurrentProcess () returned 0xffffffff [0286.994] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e614*=0x7525f180, NumberOfBytesToProtect=0x73e618, NewAccessProtection=0x4, OldAccessProtection=0x73e64c | out: BaseAddress=0x73e614*=0x7525f000, NumberOfBytesToProtect=0x73e618, OldAccessProtection=0x73e64c*=0x2) returned 0x0 [0286.994] GetCurrentProcess () returned 0xffffffff [0286.994] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e614*=0x7525f180, NumberOfBytesToProtect=0x73e618, NewAccessProtection=0x2, OldAccessProtection=0x73e64c | out: BaseAddress=0x73e614*=0x7525f000, NumberOfBytesToProtect=0x73e618, OldAccessProtection=0x73e64c*=0x4) returned 0x0 [0286.995] SetLastError (dwErrCode=0x0) [0286.996] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpOpen") returned 0x751d1c50 [0286.996] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpOpenW") returned 0x0 [0286.997] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpCloseHandle") returned 0x751d5500 [0286.997] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpCloseHandleW") returned 0x0 [0286.998] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x56b2bf0 [0287.029] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpSetTimeouts") returned 0x751ec4b0 [0287.029] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpSetTimeoutsW") returned 0x0 [0287.029] WinHttpSetTimeouts (hInternet=0x56b2bf0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0287.038] GetProcAddress (hModule=0x751b0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x751ddde0 [0287.039] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x73f208 | out: pProxyConfig=0x73f208) returned 1 [0287.194] CloseHandle (hObject=0x4c0) returned 1 [0287.211] GetProcAddress (hModule=0x75ce0000, lpProcName="GetEnvironmentVariable") returned 0x0 [0287.215] GetProcAddress (hModule=0x75ce0000, lpProcName="GetEnvironmentVariableW") returned 0x75d007c0 [0287.215] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x73ea58, nSize=0x90 | out: lpBuffer="") returned 0x0 [0287.215] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x73ea58, nSize=0x90 | out: lpBuffer="") returned 0x0 [0287.229] GetProcAddress (hModule=0x75ff0000, lpProcName="EventRegister") returned 0x77d8d530 [0287.231] EtwEventRegister (in: ProviderId=0x3000564, EnableCallback=0x51e0726, CallbackContext=0x0, RegHandle=0x3000540 | out: RegHandle=0x3000540) returned 0x0 [0287.239] GetProcAddress (hModule=0x75ff0000, lpProcName="EventSetInformation") returned 0x77d902e0 [0287.239] EtwEventSetInformation (RegHandle=0x9f85b8, InformationClass=0x77, EventInformation=0x2, InformationLength=0x3000500) returned 0x0 [0287.243] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef20 | out: TokenHandle=0x73ef20*=0x5b4) returned 1 [0287.245] CloseHandle (hObject=0x5b4) returned 1 [0287.246] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ef38 | out: TokenHandle=0x73ef38*=0x5b4) returned 1 [0287.246] CloseHandle (hObject=0x5b4) returned 1 [0287.256] EtwEventRegister (in: ProviderId=0x3001b34, EnableCallback=0x51e074e, CallbackContext=0x0, RegHandle=0x3001b10 | out: RegHandle=0x3001b10) returned 0x0 [0287.257] EtwEventSetInformation (RegHandle=0x9f7c70, InformationClass=0x78, EventInformation=0x2, InformationLength=0x3001ad4) returned 0x0 [0287.262] GetProcAddress (hModule=0x75ce0000, lpProcName="SetEvent") returned 0x75d02fe0 [0287.263] SetEvent (hEvent=0x4a8) returned 1 [0287.445] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ee7c | out: TokenHandle=0x73ee7c*=0x5c8) returned 1 [0287.446] CloseHandle (hObject=0x5c8) returned 1 [0287.446] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ee94 | out: TokenHandle=0x73ee94*=0x5c8) returned 1 [0287.447] CloseHandle (hObject=0x5c8) returned 1 [0287.452] GetProcAddress (hModule=0x75ce0000, lpProcName="GetTimeZoneInformation") returned 0x75d01c20 [0287.457] GetTimeZoneInformation (in: lpTimeZoneInformation=0x73f044 | out: lpTimeZoneInformation=0x73f044) returned 0x2 [0287.461] GetProcAddress (hModule=0x75ce0000, lpProcName="GetDynamicTimeZoneInformation") returned 0x75d13520 [0287.461] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x73eea0 | out: pTimeZoneInformation=0x73eea0) returned 0x2 [0287.463] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Central European Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x73ef84 | out: phkResult=0x73ef84*=0x5c8) returned 0x0 [0287.464] RegQueryValueExW (in: hKey=0x5c8, lpValueName="TZI", lpReserved=0x0, lpType=0x73efa0, lpData=0x0, lpcbData=0x73ef9c*=0x0 | out: lpType=0x73efa0*=0x3, lpData=0x0, lpcbData=0x73ef9c*=0x2c) returned 0x0 [0287.464] RegQueryValueExW (in: hKey=0x5c8, lpValueName="TZI", lpReserved=0x0, lpType=0x73efa0, lpData=0x3003600, lpcbData=0x73ef9c*=0x2c | out: lpType=0x73efa0*=0x3, lpData=0x3003600*, lpcbData=0x73ef9c*=0x2c) returned 0x0 [0287.465] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Central European Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x73edd8 | out: phkResult=0x73edd8*=0x0) returned 0x2 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x20) returned 0x0 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x73ef78, lpData=0x3003a50, lpcbData=0x73ef74*=0x20 | out: lpType=0x73ef78*=0x1, lpData="@tzres.dll,-290", lpcbData=0x73ef74*=0x20) returned 0x0 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x20) returned 0x0 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x73ef78, lpData=0x3003aa8, lpcbData=0x73ef74*=0x20 | out: lpType=0x73ef78*=0x1, lpData="@tzres.dll,-292", lpcbData=0x73ef74*=0x20) returned 0x0 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x20) returned 0x0 [0287.466] RegQueryValueExW (in: hKey=0x5c8, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x73ef78, lpData=0x3003b00, lpcbData=0x73ef74*=0x20 | out: lpType=0x73ef78*=0x1, lpData="@tzres.dll,-291", lpcbData=0x73ef74*=0x20) returned 0x0 [0287.546] SysReAllocStringLen (in: pbstr=0x73e334*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x73e334*="shell32.dll") returned 1 [0287.546] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0287.547] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_32\\mscorlib\\v4.0_4.0.0.0__b77a5c561934e089\\shell32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0287.548] GetLastError () returned 0x7e [0287.548] SetLastError (dwErrCode=0x7e) [0287.552] SysReAllocStringLen (in: pbstr=0x73e334*=0x0, psz="shell32.dll", len=0xb | out: pbstr=0x73e334*="shell32.dll") returned 1 [0287.552] CharLowerBuffW (in: lpsz="shell32.dll", cchLength=0xb | out: lpsz="shell32.dll") returned 0xb [0287.552] LoadLibraryExW (lpLibFileName="shell32.dll", hFile=0x0, dwFlags=0x800) returned 0x76090000 [0287.553] GetLastError () returned 0x0 [0287.553] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0287.553] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0287.553] GetModuleFileNameA (in: hModule=0x76090000, lpFilename=0x73e218, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0287.554] GetCurrentProcess () returned 0xffffffff [0287.554] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e31c*=0x765cea44, NumberOfBytesToProtect=0x73e320, NewAccessProtection=0x4, OldAccessProtection=0x73e354 | out: BaseAddress=0x73e31c*=0x765ce000, NumberOfBytesToProtect=0x73e320, OldAccessProtection=0x73e354*=0x2) returned 0x0 [0287.554] GetCurrentProcess () returned 0xffffffff [0287.554] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e31c*=0x765cea44, NumberOfBytesToProtect=0x73e320, NewAccessProtection=0x2, OldAccessProtection=0x73e354 | out: BaseAddress=0x73e31c*=0x765ce000, NumberOfBytesToProtect=0x73e320, OldAccessProtection=0x73e354*=0x4) returned 0x0 [0287.555] GetCurrentProcess () returned 0xffffffff [0287.555] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e31c*=0x765cea50, NumberOfBytesToProtect=0x73e320, NewAccessProtection=0x4, OldAccessProtection=0x73e354 | out: BaseAddress=0x73e31c*=0x765ce000, NumberOfBytesToProtect=0x73e320, OldAccessProtection=0x73e354*=0x2) returned 0x0 [0287.555] GetCurrentProcess () returned 0xffffffff [0287.555] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e31c*=0x765cea50, NumberOfBytesToProtect=0x73e320, NewAccessProtection=0x2, OldAccessProtection=0x73e354 | out: BaseAddress=0x73e31c*=0x765ce000, NumberOfBytesToProtect=0x73e320, OldAccessProtection=0x73e354*=0x4) returned 0x0 [0287.556] SetLastError (dwErrCode=0x0) [0287.556] GetProcAddress (hModule=0x76090000, lpProcName="SHGetFolderPath") returned 0x0 [0287.557] GetProcAddress (hModule=0x76090000, lpProcName="SHGetFolderPathW") returned 0x761ebea0 [0287.557] CoTaskMemAlloc (cb=0x20c) returned 0x9322a8 [0287.557] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x9322a8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0287.563] CoTaskMemFree (pv=0x9322a8) [0287.566] GetProcAddress (hModule=0x75ce0000, lpProcName="GetFileMUIPath") returned 0x75d135b0 [0287.566] CoTaskMemAlloc (cb=0x20c) returned 0x9322a8 [0287.566] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath=0x9322a8, pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c | out: pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath="", pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c) returned 0 [0287.570] CoTaskMemFree (pv=0x0) [0287.571] CoTaskMemFree (pv=0x9322a8) [0287.571] CoTaskMemAlloc (cb=0x20c) returned 0x932920 [0287.571] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x932920 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0287.571] CoTaskMemFree (pv=0x932920) [0287.571] CoTaskMemAlloc (cb=0x20c) returned 0x932b48 [0287.571] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath=0x932b48, pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c | out: pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath="", pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c) returned 0 [0287.572] CoTaskMemFree (pv=0x0) [0287.572] CoTaskMemFree (pv=0x932b48) [0287.572] CoTaskMemAlloc (cb=0x20c) returned 0x931390 [0287.572] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x931390 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0287.572] CoTaskMemFree (pv=0x931390) [0287.572] CoTaskMemAlloc (cb=0x20c) returned 0x9322a8 [0287.573] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath=0x9322a8, pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c | out: pwszLanguage=0x0, pcchLanguage=0x73ef94, pwszFileMUIPath="", pcchFileMUIPath=0x73ef98, pululEnumerator=0x73ef8c) returned 0 [0287.574] CoTaskMemFree (pv=0x0) [0287.574] CoTaskMemFree (pv=0x9322a8) [0287.574] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Display", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x5a) returned 0x0 [0287.574] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Display", lpReserved=0x0, lpType=0x73ef78, lpData=0x3005498, lpcbData=0x73ef74*=0x5a | out: lpType=0x73ef78*=0x1, lpData="(UTC+01:00) Sarajevo, Skopje, Warsaw, Zagreb", lpcbData=0x73ef74*=0x5a) returned 0x0 [0287.574] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Std", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x3e) returned 0x0 [0287.574] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Std", lpReserved=0x0, lpType=0x73ef78, lpData=0x3005568, lpcbData=0x73ef74*=0x3e | out: lpType=0x73ef78*=0x1, lpData="Central European Standard Time", lpcbData=0x73ef74*=0x3e) returned 0x0 [0287.575] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Dlt", lpReserved=0x0, lpType=0x73ef78, lpData=0x0, lpcbData=0x73ef74*=0x0 | out: lpType=0x73ef78*=0x1, lpData=0x0, lpcbData=0x73ef74*=0x3e) returned 0x0 [0287.575] RegQueryValueExW (in: hKey=0x5c8, lpValueName="Dlt", lpReserved=0x0, lpType=0x73ef78, lpData=0x3005600, lpcbData=0x73ef74*=0x3e | out: lpType=0x73ef78*=0x1, lpData="Central European Daylight Time", lpcbData=0x73ef74*=0x3e) returned 0x0 [0287.575] RegCloseKey (hKey=0x5c8) returned 0x0 [0287.576] SetEvent (hEvent=0x4a8) returned 1 [0287.584] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalFree") returned 0x75cff490 [0287.585] SysReAllocStringLen (in: pbstr=0x73e4ec*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x73e4ec*="iphlpapi.dll") returned 1 [0287.586] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0287.586] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\iphlpapi.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0287.586] GetLastError () returned 0x7e [0287.586] SetLastError (dwErrCode=0x7e) [0287.590] SysReAllocStringLen (in: pbstr=0x73e4ec*=0x0, psz="iphlpapi.dll", len=0xc | out: pbstr=0x73e4ec*="iphlpapi.dll") returned 1 [0287.590] CharLowerBuffW (in: lpsz="iphlpapi.dll", cchLength=0xc | out: lpsz="iphlpapi.dll") returned 0xc [0287.591] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x800) returned 0x72e50000 [0287.591] GetLastError () returned 0x0 [0287.591] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0287.591] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0287.592] GetModuleFileNameA (in: hModule=0x72e50000, lpFilename=0x73e3d0, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0287.592] GetCurrentProcess () returned 0xffffffff [0287.592] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e4d4*=0x72e7c0c8, NumberOfBytesToProtect=0x73e4d8, NewAccessProtection=0x4, OldAccessProtection=0x73e50c | out: BaseAddress=0x73e4d4*=0x72e7c000, NumberOfBytesToProtect=0x73e4d8, OldAccessProtection=0x73e50c*=0x2) returned 0x0 [0287.601] GetCurrentProcess () returned 0xffffffff [0287.601] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e4d4*=0x72e7c0c8, NumberOfBytesToProtect=0x73e4d8, NewAccessProtection=0x2, OldAccessProtection=0x73e50c | out: BaseAddress=0x73e4d4*=0x72e7c000, NumberOfBytesToProtect=0x73e4d8, OldAccessProtection=0x73e50c*=0x4) returned 0x0 [0287.602] GetCurrentProcess () returned 0xffffffff [0287.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e4d4*=0x72e7c0dc, NumberOfBytesToProtect=0x73e4d8, NewAccessProtection=0x4, OldAccessProtection=0x73e50c | out: BaseAddress=0x73e4d4*=0x72e7c000, NumberOfBytesToProtect=0x73e4d8, OldAccessProtection=0x73e50c*=0x2) returned 0x0 [0287.602] GetCurrentProcess () returned 0xffffffff [0287.602] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e4d4*=0x72e7c0dc, NumberOfBytesToProtect=0x73e4d8, NewAccessProtection=0x2, OldAccessProtection=0x73e50c | out: BaseAddress=0x73e4d4*=0x72e7c000, NumberOfBytesToProtect=0x73e4d8, OldAccessProtection=0x73e50c*=0x4) returned 0x0 [0287.603] SetLastError (dwErrCode=0x0) [0287.603] GetProcAddress (hModule=0x72e50000, lpProcName="GetNetworkParams") returned 0x72e6b980 [0287.604] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x73f1a0 | out: pFixedInfo=0x0, pOutBufLen=0x73f1a0) returned 0x6f [0288.565] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75d003c0 [0288.565] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x56c0bf8 [0288.565] GetNetworkParams (in: pFixedInfo=0x56c0bf8, pOutBufLen=0x73f1a0 | out: pFixedInfo=0x56c0bf8, pOutBufLen=0x73f1a0) returned 0x0 [0288.606] LocalFree (hMem=0x56c0bf8) returned 0x0 [0288.615] CoTaskMemAlloc (cb=0x20c) returned 0x932920 [0288.615] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x932920, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.615] CoTaskMemFree (pv=0x932920) [0288.615] CoTaskMemAlloc (cb=0x20c) returned 0x9317e0 [0288.615] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x9317e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0288.615] CoTaskMemFree (pv=0x9317e0) [0288.622] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x61c [0288.623] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5ec [0288.628] GetProcAddress (hModule=0x766d0000, lpProcName="GetAddrInfoW") returned 0x766e26b0 [0288.629] GetProcAddress (hModule=0x766d0000, lpProcName="freeaddrinfo") returned 0x766d7580 [0288.629] GetAddrInfoW (in: pNodeName="pastebin.com", pServiceName=0x0, pHints=0x73f07c*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x73f024 | out: ppResult=0x73f024*=0x56acca0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="pastebin.com", ai_addr=0x9f44a0*(sa_family=2, sin_port=0x0, sin_addr="104.20.67.143"), ai_next=0x56acb60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f41b8*(sa_family=2, sin_port=0x0, sin_addr="104.20.68.143"), ai_next=0x56accf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f43b0*(sa_family=2, sin_port=0x0, sin_addr="172.67.34.170"), ai_next=0x0)))) returned 0 [0288.708] FreeAddrInfoW (pAddrInfo=0x56acca0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="pastebin.com", ai_addr=0x9f44a0*(sa_family=2, sin_port=0x0, sin_addr="104.20.67.143"), ai_next=0x56acb60*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f41b8*(sa_family=2, sin_port=0x0, sin_addr="104.20.68.143"), ai_next=0x56accf0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x9f43b0*(sa_family=2, sin_port=0x0, sin_addr="172.67.34.170"), ai_next=0x0)))) [0288.709] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5ac [0288.710] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x638 [0288.710] ioctlsocket (in: s=0x5ac, cmd=-2147195266, argp=0x73f054 | out: argp=0x73f054) returned 0 [0288.710] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x63c [0288.710] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x640 [0288.710] ioctlsocket (in: s=0x63c, cmd=-2147195266, argp=0x73f054 | out: argp=0x73f054) returned 0 [0288.710] WSAIoctl (in: s=0x5ac, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x73f03c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x73f03c, lpOverlapped=0x0) returned -1 [0288.711] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x73ed6c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.711] WSAEventSelect (s=0x5ac, hEventObject=0x638, lNetworkEvents=512) returned 0 [0288.711] WSAIoctl (in: s=0x63c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x73f03c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x73f03c, lpOverlapped=0x0) returned -1 [0288.711] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x73ed6c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0288.711] WSAEventSelect (s=0x63c, hEventObject=0x640, lNetworkEvents=512) returned 0 [0288.712] GetProcAddress (hModule=0x72e50000, lpProcName="GetAdaptersAddresses") returned 0x72e58990 [0288.712] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x73f038*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x73f038*=0x3fff) returned 0x6f [0288.731] LocalAlloc (uFlags=0x0, uBytes=0x3fff) returned 0x56c9f40 [0288.735] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x56c9f40, SizePointer=0x73f038*=0x3fff | out: AdapterAddresses=0x56c9f40*(Alignment=0x500000178, Length=0x178, IfIndex=0x5, Next=0x56ca1e8, AdapterName="{4CF1065B-D84E-418E-BA85-C567B0CB4A2F}", FirstUnicastAddress=0x56ca15c, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection", FriendlyName="Ethernet", PhysicalAddress=([0]=0x0, [1]=0x30, [2]=0x24, [3]=0x44, [4]=0x85, [5]=0x2e, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x5, ZoneIndices=([0]=0x5, [1]=0x5, [2]=0x5, [3]=0x5, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x19, Ipv6Metric=0x19, Luid.Value=0x6008001000000, Luid.Info.Reserved=0x6008001000000, Luid.Info.NetLuidIndex=0x6008001000000, Luid.Info.IfType=0x6008001000000, Dhcpv4Server.lpSockaddr=0x56ca0b8*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11edae4e88edbb0c, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x2b, [5]=0x80, [6]=0x6f, [7]=0x77, [8]=0x0, [9]=0x19, [10]=0x8b, [11]=0x9e, [12]=0xe5, [13]=0x6c, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x600198b, FirstDnsSuffix=0x0), SizePointer=0x73f038*=0x3fff) returned 0x0 [0288.794] LocalFree (hMem=0x56c9f40) returned 0x0 [0288.803] GetProcAddress (hModule=0x766d0000, lpProcName="WSAConnect") returned 0x76706c80 [0288.804] WSAConnect (in: s=0x61c, name=0x300d9e4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0288.817] closesocket (s=0x5ec) returned 0 [0288.836] SysReAllocStringLen (in: pbstr=0x73e344*=0x0, psz="secur32.dll", len=0xb | out: pbstr=0x73e344*="secur32.dll") returned 1 [0288.836] CharLowerBuffW (in: lpsz="secur32.dll", cchLength=0xb | out: lpsz="secur32.dll") returned 0xb [0288.836] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\secur32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0288.836] GetLastError () returned 0x7e [0288.836] SetLastError (dwErrCode=0x7e) [0288.848] SysReAllocStringLen (in: pbstr=0x73e344*=0x0, psz="secur32.dll", len=0xb | out: pbstr=0x73e344*="secur32.dll") returned 1 [0288.848] CharLowerBuffW (in: lpsz="secur32.dll", cchLength=0xb | out: lpsz="secur32.dll") returned 0xb [0288.848] LoadLibraryExW (lpLibFileName="secur32.dll", hFile=0x0, dwFlags=0x800) returned 0x70910000 [0288.855] GetLastError () returned 0x0 [0288.856] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0288.856] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0288.856] GetModuleFileNameA (in: hModule=0x70910000, lpFilename=0x73e228, nSize=0x105 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0288.856] GetCurrentProcess () returned 0xffffffff [0288.856] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e32c*=0x70916040, NumberOfBytesToProtect=0x73e330, NewAccessProtection=0x4, OldAccessProtection=0x73e364 | out: BaseAddress=0x73e32c*=0x70916000, NumberOfBytesToProtect=0x73e330, OldAccessProtection=0x73e364*=0x2) returned 0x0 [0288.857] GetCurrentProcess () returned 0xffffffff [0288.857] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e32c*=0x70916040, NumberOfBytesToProtect=0x73e330, NewAccessProtection=0x2, OldAccessProtection=0x73e364 | out: BaseAddress=0x73e32c*=0x70916000, NumberOfBytesToProtect=0x73e330, OldAccessProtection=0x73e364*=0x4) returned 0x0 [0288.858] GetCurrentProcess () returned 0xffffffff [0288.858] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e32c*=0x70916048, NumberOfBytesToProtect=0x73e330, NewAccessProtection=0x4, OldAccessProtection=0x73e364 | out: BaseAddress=0x73e32c*=0x70916000, NumberOfBytesToProtect=0x73e330, OldAccessProtection=0x73e364*=0x2) returned 0x0 [0288.865] GetCurrentProcess () returned 0xffffffff [0288.865] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e32c*=0x70916048, NumberOfBytesToProtect=0x73e330, NewAccessProtection=0x2, OldAccessProtection=0x73e364 | out: BaseAddress=0x73e32c*=0x70916000, NumberOfBytesToProtect=0x73e330, OldAccessProtection=0x73e364*=0x4) returned 0x0 [0288.866] SetLastError (dwErrCode=0x0) [0288.867] GetProcAddress (hModule=0x70910000, lpProcName="EnumerateSecurityPackagesW") returned 0x73c15040 [0288.868] GetProcAddress (hModule=0x70910000, lpProcName="FreeContextBuffer") returned 0x73c0c7e0 [0288.868] EnumerateSecurityPackagesW (in: pcPackages=0x73efa8, ppPackageInfo=0x73ef3c | out: pcPackages=0x73efa8, ppPackageInfo=0x73ef3c) returned 0x0 [0288.899] FreeContextBuffer (in: pvContextBuffer=0x5703008 | out: pvContextBuffer=0x5703008) returned 0x0 [0288.913] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x73ed64 | out: TokenHandle=0x73ed64*=0x634) returned 1 [0288.915] GetProcAddress (hModule=0x70910000, lpProcName="FreeCredentialsHandle") returned 0x73c147c0 [0288.916] GetProcAddress (hModule=0x70910000, lpProcName="AcquireCredentialsHandleW") returned 0x73c143c0 [0288.917] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x300eaf8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x73edb8, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x3010214, ptsExpiry=0x73ed3c | out: phCredential=0x3010214, ptsExpiry=0x73ed3c) returned 0x0 [0288.933] CloseHandle (hObject=0x634) returned 1 [0288.935] GetProcAddress (hModule=0x70910000, lpProcName="DeleteSecurityContext") returned 0x73c14f50 [0288.936] GetProcAddress (hModule=0x70910000, lpProcName="InitializeSecurityContextW") returned 0x73c14810 [0288.941] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x30103b0, pfContextAttr=0x300eacc, ptsExpiry=0x73ed80 | out: phNewContext=0x3010418, pOutput=0x30103b0, pfContextAttr=0x300eacc, ptsExpiry=0x73ed80) returned 0x90312 [0288.943] FreeContextBuffer (in: pvContextBuffer=0x9899b8 | out: pvContextBuffer=0x9899b8) returned 0x0 [0288.952] GetProcAddress (hModule=0x75ce0000, lpProcName="GetModuleHandle") returned 0x0 [0289.150] SysReAllocStringLen (in: pbstr=0x73eddc*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73eddc*="kernel32.dll") returned 1 [0289.150] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0289.151] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x75ce0000 [0289.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x73edc8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompat\x8b«m\x93:q\x18\x84þ…o\x1cös", lpUsedDefaultChar=0x0) returned 21 [0289.163] GetProcAddress (hModule=0x75ce0000, lpProcName="AppPolicyGetClrCompat") returned 0x7767ba00 [0289.167] GetProcAddress (hModule=0x75ce0000, lpProcName="AppPolicyGetClrCompat") returned 0x7767ba00 [0289.169] AppPolicyGetClrCompat () returned 0x0 [0289.176] GetProcAddress (hModule=0x766d0000, lpProcName="send") returned 0x766e58a0 [0289.177] send (s=0x61c, buf=0x301042c*, len=174, flags=0) returned 174 [0289.179] GetProcAddress (hModule=0x766d0000, lpProcName="recv") returned 0x766e23a0 [0289.179] recv (in: s=0x61c, buf=0x301042c, len=5, flags=0 | out: buf=0x301042c*) returned 5 [0289.189] recv (in: s=0x61c, buf=0x3010431, len=67, flags=0 | out: buf=0x3010431*) returned 67 [0289.190] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3010838, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x301084c, pfContextAttr=0x300eacc, ptsExpiry=0x73ecdc | out: phNewContext=0x3010418, pOutput=0x301084c, pfContextAttr=0x300eacc, ptsExpiry=0x73ecdc) returned 0x90312 [0289.191] recv (in: s=0x61c, buf=0x30108dc, len=5, flags=0 | out: buf=0x30108dc*) returned 5 [0289.192] recv (in: s=0x61c, buf=0x30108f5, len=2329, flags=0 | out: buf=0x30108f5*) returned 2329 [0289.192] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3011280, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x3011294, pfContextAttr=0x300eacc, ptsExpiry=0x73ec3c | out: phNewContext=0x3010418, pOutput=0x3011294, pfContextAttr=0x300eacc, ptsExpiry=0x73ec3c) returned 0x90312 [0289.195] recv (in: s=0x61c, buf=0x3011324, len=5, flags=0 | out: buf=0x3011324*) returned 5 [0289.195] recv (in: s=0x61c, buf=0x301133d, len=115, flags=0 | out: buf=0x301133d*) returned 115 [0289.195] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3011420, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x3011434, pfContextAttr=0x300eacc, ptsExpiry=0x73eb9c | out: phNewContext=0x3010418, pOutput=0x3011434, pfContextAttr=0x300eacc, ptsExpiry=0x73eb9c) returned 0x90312 [0289.201] recv (in: s=0x61c, buf=0x30114c4, len=5, flags=0 | out: buf=0x30114c4*) returned 5 [0289.201] recv (in: s=0x61c, buf=0x30114dd, len=4, flags=0 | out: buf=0x30114dd*) returned 4 [0289.203] InitializeSecurityContextW (in: phCredential=0x73eb04, phContext=0x73eaf4, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3011554, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x3011568, pfContextAttr=0x300eacc, ptsExpiry=0x73eafc | out: phNewContext=0x3010418, pOutput=0x3011568, pfContextAttr=0x300eacc, ptsExpiry=0x73eafc) returned 0x90312 [0289.269] FreeContextBuffer (in: pvContextBuffer=0x98ac10 | out: pvContextBuffer=0x98ac10) returned 0x0 [0289.269] send (s=0x61c, buf=0x30115e4*, len=93, flags=0) returned 93 [0289.270] recv (in: s=0x61c, buf=0x30115e4, len=5, flags=0 | out: buf=0x30115e4*) returned 5 [0289.277] recv (in: s=0x61c, buf=0x3011669, len=202, flags=0 | out: buf=0x3011669*) returned 202 [0289.278] InitializeSecurityContextW (in: phCredential=0x73ea64, phContext=0x73ea54, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30117a4, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x30117b8, pfContextAttr=0x300eacc, ptsExpiry=0x73ea5c | out: phNewContext=0x3010418, pOutput=0x30117b8, pfContextAttr=0x300eacc, ptsExpiry=0x73ea5c) returned 0x90312 [0289.278] recv (in: s=0x61c, buf=0x3011848, len=5, flags=0 | out: buf=0x3011848*) returned 5 [0289.278] recv (in: s=0x61c, buf=0x3011861, len=1, flags=0 | out: buf=0x3011861*) returned 1 [0289.279] InitializeSecurityContextW (in: phCredential=0x73e9c4, phContext=0x73e9b4, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30118d4, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x30118e8, pfContextAttr=0x300eacc, ptsExpiry=0x73e9bc | out: phNewContext=0x3010418, pOutput=0x30118e8, pfContextAttr=0x300eacc, ptsExpiry=0x73e9bc) returned 0x90312 [0289.286] recv (in: s=0x61c, buf=0x3011978, len=5, flags=0 | out: buf=0x3011978*) returned 5 [0289.286] recv (in: s=0x61c, buf=0x3011991, len=40, flags=0 | out: buf=0x3011991*) returned 40 [0289.287] InitializeSecurityContextW (in: phCredential=0x73e924, phContext=0x73e914, pTargetName=0x300dad4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3011a2c, Reserved2=0x0, phNewContext=0x3010418, pOutput=0x3011a40, pfContextAttr=0x300eacc, ptsExpiry=0x73e91c | out: phNewContext=0x3010418, pOutput=0x3011a40, pfContextAttr=0x300eacc, ptsExpiry=0x73e91c) returned 0x0 [0289.459] GetProcAddress (hModule=0x70910000, lpProcName="QueryContextAttributesW") returned 0x73c15310 [0289.459] QueryContextAttributesW (in: phContext=0x3010418, ulAttribute=0x4, pBuffer=0x3011aec | out: pBuffer=0x3011aec) returned 0x0 [0289.460] QueryContextAttributesW (in: phContext=0x3010418, ulAttribute=0x5a, pBuffer=0x3011b44 | out: pBuffer=0x3011b44) returned 0x0 [0289.462] SysReAllocStringLen (in: pbstr=0x73dbe4*=0x0, psz="crypt32.dll", len=0xb | out: pbstr=0x73dbe4*="crypt32.dll") returned 1 [0289.462] CharLowerBuffW (in: lpsz="crypt32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0289.462] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\crypt32.dll", hFile=0x0, dwFlags=0x800) returned 0x0 [0289.463] GetLastError () returned 0x7e [0289.463] SetLastError (dwErrCode=0x7e) [0289.474] SysReAllocStringLen (in: pbstr=0x73dbe4*=0x0, psz="crypt32.dll", len=0xb | out: pbstr=0x73dbe4*="crypt32.dll") returned 1 [0289.474] CharLowerBuffW (in: lpsz="crypt32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0289.475] LoadLibraryExW (lpLibFileName="crypt32.dll", hFile=0x0, dwFlags=0x800) returned 0x77b90000 [0289.666] GetLastError () returned 0x0 [0289.667] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0289.667] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0289.667] GetModuleFileNameA (in: hModule=0x77b90000, lpFilename=0x73dac8, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0289.667] GetCurrentProcess () returned 0xffffffff [0289.667] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c80198, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x4, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x2) returned 0x0 [0289.668] GetCurrentProcess () returned 0xffffffff [0289.668] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c80198, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x2, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x4) returned 0x0 [0289.669] GetCurrentProcess () returned 0xffffffff [0289.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c801b4, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x4, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x2) returned 0x0 [0289.669] GetCurrentProcess () returned 0xffffffff [0289.669] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c801b4, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x2, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x4) returned 0x0 [0289.670] GetCurrentProcess () returned 0xffffffff [0289.670] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c800e8, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x4, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x2) returned 0x0 [0289.677] GetCurrentProcess () returned 0xffffffff [0289.678] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73dbcc*=0x77c800e8, NumberOfBytesToProtect=0x73dbd0, NewAccessProtection=0x2, OldAccessProtection=0x73dc04 | out: BaseAddress=0x73dbcc*=0x77c80000, NumberOfBytesToProtect=0x73dbd0, OldAccessProtection=0x73dc04*=0x4) returned 0x0 [0289.678] SetLastError (dwErrCode=0x0) [0289.679] GetProcAddress (hModule=0x77b90000, lpProcName="CertFreeCertificateContext") returned 0x77bc3aa0 [0289.680] QueryContextAttributesW (in: phContext=0x3010418, ulAttribute=0x53, pBuffer=0x3011bf0 | out: pBuffer=0x3011bf0) returned 0x0 [0289.701] GetProcAddress (hModule=0x77b90000, lpProcName="CertFreeCertificateContext") returned 0x77bc3aa0 [0289.712] SysReAllocStringLen (in: pbstr=0x73e3b4*=0x0, psz="CRYPT32.dll", len=0xb | out: pbstr=0x73e3b4*="CRYPT32.dll") returned 1 [0289.712] CharLowerBuffW (in: lpsz="CRYPT32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0289.712] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\CRYPT32.dll", hFile=0x0, dwFlags=0x8) returned 0x0 [0289.712] GetLastError () returned 0x7e [0289.712] SetLastError (dwErrCode=0x7e) [0289.713] SysReAllocStringLen (in: pbstr=0x73e3b4*=0x0, psz="CRYPT32.dll", len=0xb | out: pbstr=0x73e3b4*="CRYPT32.dll") returned 1 [0289.713] CharLowerBuffW (in: lpsz="CRYPT32.dll", cchLength=0xb | out: lpsz="crypt32.dll") returned 0xb [0289.713] LoadLibraryExW (lpLibFileName="CRYPT32.dll", hFile=0x0, dwFlags=0x800) returned 0x77b90000 [0289.713] GetLastError () returned 0x0 [0289.714] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0289.714] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0289.714] GetModuleFileNameA (in: hModule=0x77b90000, lpFilename=0x73e298, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0289.714] GetCurrentProcess () returned 0xffffffff [0289.714] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e39c*=0x77c80198, NumberOfBytesToProtect=0x73e3a0, NewAccessProtection=0x4, OldAccessProtection=0x73e3d4 | out: BaseAddress=0x73e39c*=0x77c80000, NumberOfBytesToProtect=0x73e3a0, OldAccessProtection=0x73e3d4*=0x2) returned 0x0 [0289.715] GetCurrentProcess () returned 0xffffffff [0289.715] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e39c*=0x77c80198, NumberOfBytesToProtect=0x73e3a0, NewAccessProtection=0x2, OldAccessProtection=0x73e3d4 | out: BaseAddress=0x73e39c*=0x77c80000, NumberOfBytesToProtect=0x73e3a0, OldAccessProtection=0x73e3d4*=0x4) returned 0x0 [0289.715] GetCurrentProcess () returned 0xffffffff [0289.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e39c*=0x77c801b4, NumberOfBytesToProtect=0x73e3a0, NewAccessProtection=0x4, OldAccessProtection=0x73e3d4 | out: BaseAddress=0x73e39c*=0x77c80000, NumberOfBytesToProtect=0x73e3a0, OldAccessProtection=0x73e3d4*=0x2) returned 0x0 [0289.716] GetCurrentProcess () returned 0xffffffff [0289.716] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e39c*=0x77c801b4, NumberOfBytesToProtect=0x73e3a0, NewAccessProtection=0x2, OldAccessProtection=0x73e3d4 | out: BaseAddress=0x73e39c*=0x77c80000, NumberOfBytesToProtect=0x73e3a0, OldAccessProtection=0x73e3d4*=0x4) returned 0x0 [0289.717] SetLastError (dwErrCode=0x0) [0289.833] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateCertificateContext") returned 0x77bc0b90 [0289.835] GetProcAddress (hModule=0x77b90000, lpProcName="CertGetCertificateContextProperty") returned 0x77bc5c70 [0289.837] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateCertificateContext") returned 0x77bc0b90 [0289.837] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateCertificateContextW") returned 0x0 [0289.838] CertDuplicateCertificateContext (pCertContext=0x9fd068) returned 0x9fd068 [0289.838] GetProcAddress (hModule=0x77b90000, lpProcName="CertCloseStore") returned 0x77bc4660 [0289.839] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateStore") returned 0x77be2970 [0289.840] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateStoreW") returned 0x0 [0289.840] CertDuplicateStore (hCertStore=0x98af58) returned 0x98af58 [0289.841] GetProcAddress (hModule=0x77b90000, lpProcName="CertEnumCertificatesInStore") returned 0x77bbf650 [0289.841] GetProcAddress (hModule=0x77b90000, lpProcName="CertEnumCertificatesInStoreW") returned 0x0 [0289.842] CertEnumCertificatesInStore (hCertStore=0x98af58, pPrevCertContext=0x0) returned 0x9fd018 [0289.847] CertDuplicateCertificateContext (pCertContext=0x9fd018) returned 0x9fd018 [0289.848] CertEnumCertificatesInStore (hCertStore=0x98af58, pPrevCertContext=0x9fd018) returned 0x9fd068 [0289.848] CertDuplicateCertificateContext (pCertContext=0x9fd068) returned 0x9fd068 [0289.848] CertEnumCertificatesInStore (hCertStore=0x98af58, pPrevCertContext=0x9fd068) returned 0x0 [0289.849] CertCloseStore (hCertStore=0x98af58, dwFlags=0x0) returned 1 [0289.849] CertFreeCRLContext (pCrlContext=0x9fd068) returned 1 [0289.850] GetProcAddress (hModule=0x77b90000, lpProcName="CertFreeCertificateChain") returned 0x77bb5c70 [0289.872] GetProcAddress (hModule=0x77b90000, lpProcName="CertOpenStore") returned 0x77bca5e0 [0289.873] GetProcAddress (hModule=0x77b90000, lpProcName="CertOpenStoreW") returned 0x0 [0289.873] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x98adf0 [0289.879] GetProcAddress (hModule=0x77b90000, lpProcName="CertAddCertificateLinkToStore") returned 0x77c0e3b0 [0289.880] GetProcAddress (hModule=0x77b90000, lpProcName="CertAddCertificateLinkToStoreW") returned 0x0 [0289.880] CertAddCRLLinkToStore (in: hCertStore=0x98adf0, pCrlContext=0x9fd018, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0289.880] CertAddCRLLinkToStore (in: hCertStore=0x98adf0, pCrlContext=0x9fd068, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0289.884] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalFree") returned 0x75cff490 [0289.888] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75d003c0 [0289.972] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAllocW") returned 0x0 [0289.973] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x56ada50 [0289.976] GetProcAddress (hModule=0x77b90000, lpProcName="CertGetCertificateChain") returned 0x77bb8e10 [0289.977] GetProcAddress (hModule=0x77b90000, lpProcName="CertGetCertificateChainW") returned 0x0 [0289.979] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9fd068, pTime=0x73e930, hAdditionalStore=0x98adf0, pChainPara=0x73e870, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73e864 | out: ppChainContext=0x73e864) returned 1 [0290.181] LocalFree (hMem=0x56ada50) returned 0x0 [0290.181] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateCertificateChain") returned 0x77be29d0 [0290.181] GetProcAddress (hModule=0x77b90000, lpProcName="CertDuplicateCertificateChainW") returned 0x0 [0290.182] CertDuplicateCertificateChain (pChainContext=0x5704358) returned 0x5704358 [0290.183] CertDuplicateCertificateContext (pCertContext=0x9fd068) returned 0x9fd068 [0290.183] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0290.184] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0290.184] CertFreeCertificateChain (pChainContext=0x5704358) [0290.185] GetProcAddress (hModule=0x77b90000, lpProcName="CertVerifyCertificateChainPolicy") returned 0x77bce0f0 [0290.185] GetProcAddress (hModule=0x77b90000, lpProcName="CertVerifyCertificateChainPolicyW") returned 0x0 [0290.185] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5704358, pPolicyPara=0x73ea10, pPolicyStatus=0x73e9fc | out: pPolicyStatus=0x73e9fc) returned 1 [0290.196] GetProcAddress (hModule=0x75ce0000, lpProcName="SetLastError") returned 0x75cfdf00 [0290.196] SetLastError (dwErrCode=0x0) [0290.207] GetProcAddress (hModule=0x77b90000, lpProcName="CertFreeCertificateChain") returned 0x77bb5c70 [0290.214] GetProcAddress (hModule=0x77b90000, lpProcName="CertVerifyCertificateChainPolicy") returned 0x77bce0f0 [0290.214] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5704358, pPolicyPara=0x73ea70, pPolicyStatus=0x73ea24 | out: pPolicyStatus=0x73ea24) returned 1 [0290.221] CertFreeCertificateChain (pChainContext=0x5704358) [0290.221] CertFreeCRLContext (pCrlContext=0x9fd068) returned 1 [0290.227] GetProcAddress (hModule=0x77b90000, lpProcName="CertFreeCertificateContext") returned 0x77bc3aa0 [0290.231] CoTaskMemAlloc (cb=0x20c) returned 0x932b48 [0290.231] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x932b48, nSize=0x104 | out: lpBuffer="") returned 0x0 [0290.231] CoTaskMemFree (pv=0x932b48) [0290.231] CoTaskMemAlloc (cb=0x20c) returned 0x932920 [0290.231] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x932920, nSize=0x104 | out: lpBuffer="") returned 0x0 [0290.231] CoTaskMemFree (pv=0x932920) [0290.231] CoTaskMemAlloc (cb=0x20c) returned 0x932920 [0290.232] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x932920, nSize=0x104 | out: lpBuffer="") returned 0x0 [0290.232] CoTaskMemFree (pv=0x932920) [0290.232] CoTaskMemAlloc (cb=0x20c) returned 0x932920 [0290.232] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x932920, nSize=0x104 | out: lpBuffer="") returned 0x0 [0290.232] CoTaskMemFree (pv=0x932920) [0290.234] GetProcAddress (hModule=0x70910000, lpProcName="EncryptMessage") returned 0x73c158f0 [0290.234] EncryptMessage (in: phContext=0x3010418, fQOP=0x0, pMessage=0x3019fd4, MessageSeqNo=0x0 | out: pMessage=0x3019fd4) returned 0x0 [0290.234] send (s=0x61c, buf=0x3018aac*, len=103, flags=0) returned 103 [0290.276] GetProcAddress (hModule=0x766d0000, lpProcName="setsockopt") returned 0x766df070 [0290.277] setsockopt (s=0x61c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0290.280] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.280] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.281] GetProcAddress (hModule=0x70910000, lpProcName="DecryptMessage") returned 0x73c15950 [0290.281] DecryptMessage (in: phContext=0x3010418, pMessage=0x302a3e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302a3e0, pfQOP=0x0) returned 0x0 [0290.443] setsockopt (s=0x61c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0290.444] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.444] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.445] DecryptMessage (in: phContext=0x3010418, pMessage=0x302f9f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x302f9f8, pfQOP=0x0) returned 0x0 [0290.445] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.445] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.445] DecryptMessage (in: phContext=0x3010418, pMessage=0x3030808, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3030808, pfQOP=0x0) returned 0x0 [0290.445] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.446] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.446] DecryptMessage (in: phContext=0x3010418, pMessage=0x3031a44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3031a44, pfQOP=0x0) returned 0x0 [0290.446] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.446] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.446] DecryptMessage (in: phContext=0x3010418, pMessage=0x3031b58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3031b58, pfQOP=0x0) returned 0x0 [0290.447] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.448] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.448] DecryptMessage (in: phContext=0x3010418, pMessage=0x3033ebc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3033ebc, pfQOP=0x0) returned 0x0 [0290.448] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.448] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.448] DecryptMessage (in: phContext=0x3010418, pMessage=0x3033fd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3033fd0, pfQOP=0x0) returned 0x0 [0290.448] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.448] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.449] DecryptMessage (in: phContext=0x3010418, pMessage=0x30340e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30340e4, pfQOP=0x0) returned 0x0 [0290.449] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.449] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.450] DecryptMessage (in: phContext=0x3010418, pMessage=0x3038680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3038680, pfQOP=0x0) returned 0x0 [0290.450] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.450] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.450] DecryptMessage (in: phContext=0x3010418, pMessage=0x30387a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30387a0, pfQOP=0x0) returned 0x0 [0290.450] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.450] recv (in: s=0x61c, buf=0x3026325, len=1393, flags=0 | out: buf=0x3026325*) returned 1393 [0290.451] DecryptMessage (in: phContext=0x3010418, pMessage=0x30388b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30388b4, pfQOP=0x0) returned 0x0 [0290.451] recv (in: s=0x61c, buf=0x3026320, len=5, flags=0 | out: buf=0x3026320*) returned 5 [0290.451] recv (in: s=0x61c, buf=0x3026325, len=1142, flags=0 | out: buf=0x3026325*) returned 1142 [0290.451] DecryptMessage (in: phContext=0x3010418, pMessage=0x30389c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30389c8, pfQOP=0x0) returned 0x0 [0290.468] SetEvent (hEvent=0x4a8) returned 1 [0290.471] QueryContextAttributesW (in: phContext=0x3010418, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0290.596] DeleteSecurityContext (phContext=0x3010418) returned 0x0 [0290.597] GetProcAddress (hModule=0x766d0000, lpProcName="shutdown") returned 0x766e32b0 [0290.599] shutdown (s=0x61c, how=2) returned 0 [0290.602] closesocket (s=0x61c) returned 0 [0290.611] SysReAllocStringLen (in: pbstr=0x73da6c*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73da6c*="ntdll.dll") returned 1 [0290.611] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0290.611] GetModuleHandleW (lpModuleName="ntdll.dll") returned 0x77d40000 [0290.858] SysReAllocStringLen (in: pbstr=0x73e8e4*=0x0, psz="diasymreader.dll", len=0x10 | out: pbstr=0x73e8e4*="diasymreader.dll") returned 1 [0290.858] CharLowerBuffW (in: lpsz="diasymreader.dll", cchLength=0x10 | out: lpsz="diasymreader.dll") returned 0x10 [0290.858] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll", hFile=0x0, dwFlags=0x8) returned 0x6c200000 [0291.471] SysReAllocStringLen (in: pbstr=0x73e484*=0x0, psz="api-ms-win-core-synch-l1-2-0.dll", len=0x20 | out: pbstr=0x73e484*="api-ms-win-core-synch-l1-2-0.dll") returned 1 [0291.471] CharLowerBuffW (in: lpsz="api-ms-win-core-synch-l1-2-0.dll", cchLength=0x20 | out: lpsz="api-ms-win-core-synch-l1-2-0.dll") returned 0x20 [0291.472] GetModuleHandleW (lpModuleName="api-ms-win-core-synch-l1-2-0.dll") returned 0x77580000 [0291.474] GetProcAddress (hModule=0x77580000, lpProcName="InitializeConditionVariable") returned 0x77da50b0 [0291.475] GetProcAddress (hModule=0x77580000, lpProcName="SleepConditionVariableCS") returned 0x777325e0 [0291.475] GetProcAddress (hModule=0x77580000, lpProcName="WakeAllConditionVariable") returned 0x77da9190 [0291.495] GetLastError () returned 0x0 [0291.495] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0291.496] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0291.496] GetModuleFileNameA (in: hModule=0x6c200000, lpFilename=0x73e7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\diasymreader.dll")) returned 0x3e [0291.496] GetCurrentProcess () returned 0xffffffff [0291.496] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2020, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.497] GetCurrentProcess () returned 0xffffffff [0291.497] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2020, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.497] GetCurrentProcess () returned 0xffffffff [0291.497] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2028, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.498] GetCurrentProcess () returned 0xffffffff [0291.498] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2028, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.499] GetCurrentProcess () returned 0xffffffff [0291.499] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2040, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.499] GetCurrentProcess () returned 0xffffffff [0291.499] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2040, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.500] GetCurrentProcess () returned 0xffffffff [0291.500] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2050, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.501] GetCurrentProcess () returned 0xffffffff [0291.501] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2050, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.501] GetCurrentProcess () returned 0xffffffff [0291.501] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2054, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.502] GetCurrentProcess () returned 0xffffffff [0291.502] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2054, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.578] GetCurrentProcess () returned 0xffffffff [0291.578] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2074, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.579] GetCurrentProcess () returned 0xffffffff [0291.579] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2074, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.579] GetCurrentProcess () returned 0xffffffff [0291.579] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2094, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.580] GetCurrentProcess () returned 0xffffffff [0291.580] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2094, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.580] GetCurrentProcess () returned 0xffffffff [0291.581] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2098, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.633] GetCurrentProcess () returned 0xffffffff [0291.633] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2098, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.634] GetCurrentProcess () returned 0xffffffff [0291.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f209c, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.634] GetCurrentProcess () returned 0xffffffff [0291.634] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f209c, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.635] GetCurrentProcess () returned 0xffffffff [0291.635] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.635] GetCurrentProcess () returned 0xffffffff [0291.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.636] GetCurrentProcess () returned 0xffffffff [0291.636] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.637] GetCurrentProcess () returned 0xffffffff [0291.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.637] GetCurrentProcess () returned 0xffffffff [0291.637] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.638] GetCurrentProcess () returned 0xffffffff [0291.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20a8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.638] GetCurrentProcess () returned 0xffffffff [0291.638] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20b0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.639] GetCurrentProcess () returned 0xffffffff [0291.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20b0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.639] GetCurrentProcess () returned 0xffffffff [0291.639] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20d8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.639] GetCurrentProcess () returned 0xffffffff [0291.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20d8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.640] GetCurrentProcess () returned 0xffffffff [0291.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.640] GetCurrentProcess () returned 0xffffffff [0291.640] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.641] GetCurrentProcess () returned 0xffffffff [0291.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.641] GetCurrentProcess () returned 0xffffffff [0291.641] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.642] GetCurrentProcess () returned 0xffffffff [0291.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2128, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.642] GetCurrentProcess () returned 0xffffffff [0291.642] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2128, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.643] SetLastError (dwErrCode=0x0) [0291.643] GetProcAddress (hModule=0x6c200000, lpProcName="DllGetClassObject") returned 0x6c2291b0 [0291.745] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x73c9d0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.745] GetLastError () returned 0x2 [0291.745] SysReAllocStringLen (in: pbstr=0x73c968*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c968*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.764] GetThreadLocale () returned 0x409 [0291.823] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.823] GetThreadLocale () returned 0x409 [0291.823] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.823] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c6ec, lpFilePart=0x73c6e8 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", lpFilePart=0x73c6e8*="System.pdb") returned 0x5b [0291.823] SysReAllocStringLen (in: pbstr=0x73c968*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c968*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.823] SysReAllocStringLen (in: pbstr=0x73c918*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c918*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.823] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchLength=0x5b | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb") returned 0x5b [0291.823] SysReAllocStringLen (in: pbstr=0x73c968*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb", len=0x5b | out: pbstr=0x73c968*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb") returned 1 [0291.824] SetLastError (dwErrCode=0x2) [0291.824] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.824] GetLastError () returned 0x2 [0291.824] SysReAllocStringLen (in: pbstr=0x73c974*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c974*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.824] GetThreadLocale () returned 0x409 [0291.824] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.824] GetThreadLocale () returned 0x409 [0291.824] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.824] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c6f8, lpFilePart=0x73c6f4 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", lpFilePart=0x73c6f4*="System.pdb") returned 0x5b [0291.824] SysReAllocStringLen (in: pbstr=0x73c974*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c974*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.824] SysReAllocStringLen (in: pbstr=0x73c924*=0x0, psz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", len=0x5b | out: pbstr=0x73c924*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb") returned 1 [0291.824] CharLowerBuffW (in: lpsz="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", cchLength=0x5b | out: lpsz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb") returned 0x5b [0291.825] SysReAllocStringLen (in: pbstr=0x73c974*="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.pdb", psz="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb", len=0x5b | out: pbstr=0x73c974*="c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.pdb") returned 1 [0291.825] SetLastError (dwErrCode=0x2) [0291.826] CreateFileW (lpFileName="C:\\Windows\\symbols\\dll\\System.pdb" (normalized: "c:\\windows\\symbols\\dll\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x73cb98, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.826] GetLastError () returned 0x3 [0291.827] SysReAllocStringLen (in: pbstr=0x73cb30*=0x0, psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73cb30*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.827] GetThreadLocale () returned 0x409 [0291.827] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\symbols\\dll\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.827] GetThreadLocale () returned 0x409 [0291.827] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\symbols\\dll\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.827] GetFullPathNameW (in: lpFileName="C:\\Windows\\symbols\\dll\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8b4, lpFilePart=0x73c8b0 | out: lpBuffer="C:\\Windows\\symbols\\dll\\System.pdb", lpFilePart=0x73c8b0*="System.pdb") returned 0x21 [0291.827] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\symbols\\dll\\System.pdb", psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73cb30*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.827] SysReAllocStringLen (in: pbstr=0x73cae0*=0x0, psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73cae0*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.827] CharLowerBuffW (in: lpsz="C:\\Windows\\symbols\\dll\\System.pdb", cchLength=0x21 | out: lpsz="c:\\windows\\symbols\\dll\\system.pdb") returned 0x21 [0291.827] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\symbols\\dll\\System.pdb", psz="c:\\windows\\symbols\\dll\\system.pdb", len=0x21 | out: pbstr=0x73cb30*="c:\\windows\\symbols\\dll\\system.pdb") returned 1 [0291.827] SetLastError (dwErrCode=0x3) [0291.827] CreateFileW (lpFileName="C:\\Windows\\symbols\\dll\\System.pdb" (normalized: "c:\\windows\\symbols\\dll\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.827] GetLastError () returned 0x3 [0291.828] SysReAllocStringLen (in: pbstr=0x73cb3c*=0x0, psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73cb3c*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.828] GetThreadLocale () returned 0x409 [0291.828] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\symbols\\dll\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.828] GetThreadLocale () returned 0x409 [0291.828] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\symbols\\dll\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.828] GetFullPathNameW (in: lpFileName="C:\\Windows\\symbols\\dll\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8c0, lpFilePart=0x73c8bc | out: lpBuffer="C:\\Windows\\symbols\\dll\\System.pdb", lpFilePart=0x73c8bc*="System.pdb") returned 0x21 [0291.828] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\symbols\\dll\\System.pdb", psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73cb3c*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.828] SysReAllocStringLen (in: pbstr=0x73caec*=0x0, psz="C:\\Windows\\symbols\\dll\\System.pdb", len=0x21 | out: pbstr=0x73caec*="C:\\Windows\\symbols\\dll\\System.pdb") returned 1 [0291.828] CharLowerBuffW (in: lpsz="C:\\Windows\\symbols\\dll\\System.pdb", cchLength=0x21 | out: lpsz="c:\\windows\\symbols\\dll\\system.pdb") returned 0x21 [0291.828] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\symbols\\dll\\System.pdb", psz="c:\\windows\\symbols\\dll\\system.pdb", len=0x21 | out: pbstr=0x73cb3c*="c:\\windows\\symbols\\dll\\system.pdb") returned 1 [0291.828] SetLastError (dwErrCode=0x3) [0291.828] CreateFileW (lpFileName="C:\\Windows\\dll\\System.pdb" (normalized: "c:\\windows\\dll\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x73cb98, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.829] GetLastError () returned 0x3 [0291.829] SysReAllocStringLen (in: pbstr=0x73cb30*=0x0, psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73cb30*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.829] GetThreadLocale () returned 0x409 [0291.829] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\dll\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.829] GetThreadLocale () returned 0x409 [0291.829] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\dll\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.829] GetFullPathNameW (in: lpFileName="C:\\Windows\\dll\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8b4, lpFilePart=0x73c8b0 | out: lpBuffer="C:\\Windows\\dll\\System.pdb", lpFilePart=0x73c8b0*="System.pdb") returned 0x19 [0291.829] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\dll\\System.pdb", psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73cb30*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.829] SysReAllocStringLen (in: pbstr=0x73cae0*=0x0, psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73cae0*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.829] CharLowerBuffW (in: lpsz="C:\\Windows\\dll\\System.pdb", cchLength=0x19 | out: lpsz="c:\\windows\\dll\\system.pdb") returned 0x19 [0291.829] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\dll\\System.pdb", psz="c:\\windows\\dll\\system.pdb", len=0x19 | out: pbstr=0x73cb30*="c:\\windows\\dll\\system.pdb") returned 1 [0291.829] SetLastError (dwErrCode=0x3) [0291.829] CreateFileW (lpFileName="C:\\Windows\\dll\\System.pdb" (normalized: "c:\\windows\\dll\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.830] GetLastError () returned 0x3 [0291.830] SysReAllocStringLen (in: pbstr=0x73cb3c*=0x0, psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73cb3c*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.830] GetThreadLocale () returned 0x409 [0291.830] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\dll\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.830] GetThreadLocale () returned 0x409 [0291.830] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\dll\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\dll\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8c0, lpFilePart=0x73c8bc | out: lpBuffer="C:\\Windows\\dll\\System.pdb", lpFilePart=0x73c8bc*="System.pdb") returned 0x19 [0291.830] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\dll\\System.pdb", psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73cb3c*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.830] SysReAllocStringLen (in: pbstr=0x73caec*=0x0, psz="C:\\Windows\\dll\\System.pdb", len=0x19 | out: pbstr=0x73caec*="C:\\Windows\\dll\\System.pdb") returned 1 [0291.830] CharLowerBuffW (in: lpsz="C:\\Windows\\dll\\System.pdb", cchLength=0x19 | out: lpsz="c:\\windows\\dll\\system.pdb") returned 0x19 [0291.830] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\dll\\System.pdb", psz="c:\\windows\\dll\\system.pdb", len=0x19 | out: pbstr=0x73cb3c*="c:\\windows\\dll\\system.pdb") returned 1 [0291.830] SetLastError (dwErrCode=0x3) [0291.831] CreateFileW (lpFileName="C:\\Windows\\System.pdb" (normalized: "c:\\windows\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x73cb98, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.831] GetLastError () returned 0x2 [0291.831] SysReAllocStringLen (in: pbstr=0x73cb30*=0x0, psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73cb30*="C:\\Windows\\System.pdb") returned 1 [0291.831] GetThreadLocale () returned 0x409 [0291.832] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.832] GetThreadLocale () returned 0x409 [0291.832] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.832] GetFullPathNameW (in: lpFileName="C:\\Windows\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8b4, lpFilePart=0x73c8b0 | out: lpBuffer="C:\\Windows\\System.pdb", lpFilePart=0x73c8b0*="System.pdb") returned 0x15 [0291.832] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\System.pdb", psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73cb30*="C:\\Windows\\System.pdb") returned 1 [0291.832] SysReAllocStringLen (in: pbstr=0x73cae0*=0x0, psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73cae0*="C:\\Windows\\System.pdb") returned 1 [0291.832] CharLowerBuffW (in: lpsz="C:\\Windows\\System.pdb", cchLength=0x15 | out: lpsz="c:\\windows\\system.pdb") returned 0x15 [0291.832] SysReAllocStringLen (in: pbstr=0x73cb30*="C:\\Windows\\System.pdb", psz="c:\\windows\\system.pdb", len=0x15 | out: pbstr=0x73cb30*="c:\\windows\\system.pdb") returned 1 [0291.832] SetLastError (dwErrCode=0x2) [0291.832] CreateFileW (lpFileName="C:\\Windows\\System.pdb" (normalized: "c:\\windows\\system.pdb"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0xffffffff [0291.833] GetLastError () returned 0x2 [0291.834] SysReAllocStringLen (in: pbstr=0x73cb3c*=0x0, psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73cb3c*="C:\\Windows\\System.pdb") returned 1 [0291.834] GetThreadLocale () returned 0x409 [0291.834] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\System.pdb", cchCount1=4, lpString2="\\\\?\\", cchCount2=4) returned 3 [0291.834] GetThreadLocale () returned 0x409 [0291.834] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="C:\\Windows\\System.pdb", cchCount1=4, lpString2="\\??\\", cchCount2=4) returned 3 [0291.834] GetFullPathNameW (in: lpFileName="C:\\Windows\\System.pdb", nBufferLength=0x104, lpBuffer=0x73c8c0, lpFilePart=0x73c8bc | out: lpBuffer="C:\\Windows\\System.pdb", lpFilePart=0x73c8bc*="System.pdb") returned 0x15 [0291.834] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\System.pdb", psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73cb3c*="C:\\Windows\\System.pdb") returned 1 [0291.834] SysReAllocStringLen (in: pbstr=0x73caec*=0x0, psz="C:\\Windows\\System.pdb", len=0x15 | out: pbstr=0x73caec*="C:\\Windows\\System.pdb") returned 1 [0291.834] CharLowerBuffW (in: lpsz="C:\\Windows\\System.pdb", cchLength=0x15 | out: lpsz="c:\\windows\\system.pdb") returned 0x15 [0291.834] SysReAllocStringLen (in: pbstr=0x73cb3c*="C:\\Windows\\System.pdb", psz="c:\\windows\\system.pdb", len=0x15 | out: pbstr=0x73cb3c*="c:\\windows\\system.pdb") returned 1 [0291.834] SetLastError (dwErrCode=0x2) [0291.841] SysReAllocStringLen (in: pbstr=0x73e8e4*=0x0, psz="diasymreader.dll", len=0x10 | out: pbstr=0x73e8e4*="diasymreader.dll") returned 1 [0291.841] CharLowerBuffW (in: lpsz="diasymreader.dll", cchLength=0x10 | out: lpsz="diasymreader.dll") returned 0x10 [0291.841] LoadLibraryExW (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll", hFile=0x0, dwFlags=0x8) returned 0x6c200000 [0291.842] GetLastError () returned 0x0 [0291.842] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0291.842] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0291.842] GetModuleFileNameA (in: hModule=0x6c200000, lpFilename=0x73e7c8, nSize=0x105 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\diasymreader.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\diasymreader.dll")) returned 0x3e [0291.842] GetCurrentProcess () returned 0xffffffff [0291.842] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2020, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.843] GetCurrentProcess () returned 0xffffffff [0291.843] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2020, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.843] GetCurrentProcess () returned 0xffffffff [0291.843] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2028, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.844] GetCurrentProcess () returned 0xffffffff [0291.844] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2028, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.844] GetCurrentProcess () returned 0xffffffff [0291.844] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2040, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.845] GetCurrentProcess () returned 0xffffffff [0291.845] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2040, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.845] GetCurrentProcess () returned 0xffffffff [0291.845] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20b0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.846] GetCurrentProcess () returned 0xffffffff [0291.846] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20b0, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.846] GetCurrentProcess () returned 0xffffffff [0291.846] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20d8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.846] GetCurrentProcess () returned 0xffffffff [0291.846] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20d8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.850] GetCurrentProcess () returned 0xffffffff [0291.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.850] GetCurrentProcess () returned 0xffffffff [0291.850] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f4, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.851] GetCurrentProcess () returned 0xffffffff [0291.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.851] GetCurrentProcess () returned 0xffffffff [0291.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f20f8, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.851] GetCurrentProcess () returned 0xffffffff [0291.851] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2128, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x4, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x2) returned 0x0 [0291.852] GetCurrentProcess () returned 0xffffffff [0291.852] NtProtectVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x73e8cc*=0x6c2f2128, NumberOfBytesToProtect=0x73e8d0, NewAccessProtection=0x2, OldAccessProtection=0x73e904 | out: BaseAddress=0x73e8cc*=0x6c2f2000, NumberOfBytesToProtect=0x73e8d0, OldAccessProtection=0x73e904*=0x4) returned 0x0 [0291.852] SetLastError (dwErrCode=0x0) [0291.853] GetProcAddress (hModule=0x6c200000, lpProcName="DllGetClassObject") returned 0x6c2291b0 [0292.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0292.632] LocalReAlloc (hMem=0x994528, uBytes=0xb8, uFlags=0x2) returned 0x970ad8 [0292.632] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x5c, lpBuffer=0x970ad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x5b [0292.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73ed78) returned 1 [0292.633] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.dll"), fInfoLevelId=0x0, lpFileInformation=0x73f03c | out: lpFileInformation=0x73f03c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fb7551b, ftCreationTime.dwHighDateTime=0x1d5acde, ftLastAccessTime.dwLowDateTime=0x91a8073d, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0x2fb99314, ftLastWriteTime.dwHighDateTime=0x1d5acde, nFileSizeHigh=0x0, nFileSizeLow=0x365630)) returned 1 [0292.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73ed74) returned 1 [0292.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x5c [0292.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x5c, lpBuffer=0x970ad8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x5b [0292.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73ef94) returned 1 [0292.633] CreateFileW (lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System\\v4.0_4.0.0.0__b77a5c561934e089\\System.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system\\v4.0_4.0.0.0__b77a5c561934e089\\system.dll"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x73c [0292.634] GetFileType (hFile=0x73c) returned 0x1 [0292.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73ef90) returned 1 [0292.634] GetFileType (hFile=0x73c) returned 0x1 [0292.640] GetFileSize (in: hFile=0x73c, lpFileSizeHigh=0x73f038 | out: lpFileSizeHigh=0x73f038*=0x0) returned 0x365630 [0292.647] SetFilePointer (in: hFile=0x73c, lDistanceToMove=0, lpDistanceToMoveHigh=0x73ef40*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73ef40*=0) returned 0x0 [0292.648] GetFileSize (in: hFile=0x73c, lpFileSizeHigh=0x73ef40 | out: lpFileSizeHigh=0x73ef40*=0x0) returned 0x365630 [0292.648] ReadFile (in: hFile=0x73c, lpBuffer=0x303d34c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73eec8, lpOverlapped=0x0 | out: lpBuffer=0x303d34c*, lpNumberOfBytesRead=0x73eec8*=0x1000, lpOverlapped=0x0) returned 1 [0292.649] SetFilePointer (in: hFile=0x73c, lDistanceToMove=60, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x3c [0292.649] SetFilePointer (in: hFile=0x73c, lDistanceToMove=4036, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x1000 [0292.649] SetFilePointer (in: hFile=0x73c, lDistanceToMove=128, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x80 [0292.649] SetFilePointer (in: hFile=0x73c, lDistanceToMove=3968, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x1000 [0292.663] SetFilePointer (in: hFile=0x73c, lDistanceToMove=520, lpDistanceToMoveHigh=0x73ef04*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73ef04*=0) returned 0x208 [0292.663] SetFilePointer (in: hFile=0x73c, lDistanceToMove=3576, lpDistanceToMoveHigh=0x73ef04*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x73ef04*=0) returned 0x1000 [0292.724] GetProcAddress (hModule=0x75ce0000, lpProcName="LocalAlloc") returned 0x75d003c0 [0292.724] LocalAlloc (uFlags=0x0, uBytes=0x1c) returned 0x5715960 [0292.724] SetFilePointer (in: hFile=0x73c, lDistanceToMove=3297608, lpDistanceToMoveHigh=0x73eef0*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73eef0*=0) returned 0x325148 [0292.726] ReadFile (in: hFile=0x73c, lpBuffer=0x303d34c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73eed0, lpOverlapped=0x0 | out: lpBuffer=0x303d34c*, lpNumberOfBytesRead=0x73eed0*=0x1000, lpOverlapped=0x0) returned 1 [0292.733] LocalFree (hMem=0x5715960) returned 0x0 [0292.736] CloseHandle (hObject=0x73c) returned 1 [0292.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0292.737] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x970ad8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0292.737] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x970ad8, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0292.739] LocalReAlloc (hMem=0x970ad8, uBytes=0x6e, uFlags=0x2) returned 0x970ad8 [0292.739] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x970ad8, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0292.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73ed78) returned 1 [0292.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), fInfoLevelId=0x0, lpFileInformation=0x73f03c | out: lpFileInformation=0x73f03c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6d7469be, ftCreationTime.dwHighDateTime=0x1da8806, ftLastAccessTime.dwLowDateTime=0x91b8b773, ftLastAccessTime.dwHighDateTime=0x1da8806, ftLastWriteTime.dwLowDateTime=0xe5e7750c, ftLastWriteTime.dwHighDateTime=0x1da8528, nFileSizeHigh=0x0, nFileSizeLow=0x11bc00)) returned 1 [0292.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73ed74) returned 1 [0292.741] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x36 [0292.741] GetFullPathNameW (in: lpFileName="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", nBufferLength=0x36, lpBuffer=0x970ad8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpFilePart=0x0) returned 0x35 [0292.741] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x970ad8, cchBuffer=0x36 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\esf.exe") returned 0x37 [0292.742] LocalReAlloc (hMem=0x970ad8, uBytes=0x6e, uFlags=0x2) returned 0x970ad8 [0292.742] GetLongPathNameW (in: lpszShortPath="C:\\Users\\OQXZRA~1\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe", lpszLongPath=0x970ad8, cchBuffer=0x37 | out: lpszLongPath="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe") returned 0x36 [0292.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x73ef94) returned 1 [0292.744] CreateFileW (lpFileName="C:\\Users\\OqXZRaykm\\AppData\\Local\\Temp\\RarSFX1\\gesf.exe" (normalized: "c:\\users\\oqxzraykm\\appdata\\local\\temp\\rarsfx1\\gesf.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x73c [0292.744] GetFileType (hFile=0x73c) returned 0x1 [0292.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x73ef90) returned 1 [0292.744] GetFileType (hFile=0x73c) returned 0x1 [0292.744] GetFileSize (in: hFile=0x73c, lpFileSizeHigh=0x73f038 | out: lpFileSizeHigh=0x73f038*=0x0) returned 0x11bc00 [0292.744] SetFilePointer (in: hFile=0x73c, lDistanceToMove=0, lpDistanceToMoveHigh=0x73ef40*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73ef40*=0) returned 0x0 [0292.744] GetFileSize (in: hFile=0x73c, lpFileSizeHigh=0x73ef40 | out: lpFileSizeHigh=0x73ef40*=0x0) returned 0x11bc00 [0292.744] ReadFile (in: hFile=0x73c, lpBuffer=0x303ea1c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x73eec8, lpOverlapped=0x0 | out: lpBuffer=0x303ea1c*, lpNumberOfBytesRead=0x73eec8*=0x1000, lpOverlapped=0x0) returned 1 [0292.744] SetFilePointer (in: hFile=0x73c, lDistanceToMove=60, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x3c [0292.745] SetFilePointer (in: hFile=0x73c, lDistanceToMove=4036, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x1000 [0292.745] SetFilePointer (in: hFile=0x73c, lDistanceToMove=128, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x80 [0292.745] SetFilePointer (in: hFile=0x73c, lDistanceToMove=3968, lpDistanceToMoveHigh=0x73eee4*=0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x73eee4*=0) returned 0x1000 [0292.750] CloseHandle (hObject=0x73c) returned 1 [0292.827] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743057980911) returned 1 [0292.829] SetEvent (hEvent=0x4a8) returned 1 [0292.838] GetProcAddress (hModule=0x75ce0000, lpProcName="QueryUnbiasedInterruptTime") returned 0x75d02080 [0292.838] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x73f168 | out: UnbiasedTime=0x73f168) returned 1 [0292.840] SysReAllocStringLen (in: pbstr=0x73ef24*=0x0, psz="ntdll.dll", len=0x9 | out: pbstr=0x73ef24*="ntdll.dll") returned 1 [0292.840] CharLowerBuffW (in: lpsz="ntdll.dll", cchLength=0x9 | out: lpsz="ntdll.dll") returned 0x9 [0292.840] LoadLibraryExW (lpLibFileName="ntdll.dll", hFile=0x0, dwFlags=0x0) returned 0x77d40000 [0292.841] GetLastError () returned 0x0 [0292.841] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0292.842] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0292.842] SetLastError (dwErrCode=0x0) [0292.842] SysReAllocStringLen (in: pbstr=0x73ef24*=0x0, psz="kernel32.dll", len=0xc | out: pbstr=0x73ef24*="kernel32.dll") returned 1 [0292.842] CharLowerBuffW (in: lpsz="kernel32.dll", cchLength=0xc | out: lpsz="kernel32.dll") returned 0xc [0292.842] LoadLibraryExW (lpLibFileName="kernel32.dll", hFile=0x0, dwFlags=0x0) returned 0x75ce0000 [0292.843] GetLastError () returned 0x0 [0292.843] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x75ce0000 [0292.844] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77d40000 [0292.844] GetModuleFileNameA (in: hModule=0x75ce0000, lpFilename=0x73ee08, nSize=0x105 | out: lpFilename="C:\\Windows\\System32\\KERNEL32.DLL" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0292.844] SetLastError (dwErrCode=0x0) [0292.845] GetProcAddress (hModule=0x77d40000, lpProcName="NtQueryInformationThread") returned 0x77db1300 [0292.845] GetProcAddress (hModule=0x77d40000, lpProcName="NtQuerySystemInformation") returned 0x77db1410 [0292.853] GetProcAddress (hModule=0x75ce0000, lpProcName="CreateWaitableTimerExW") returned 0x75d02f30 [0292.856] GetProcAddress (hModule=0x75ce0000, lpProcName="SetWaitableTimerEx") returned 0x7769d450 [0293.178] GetCurrentThreadId () returned 0xfe0 [0293.178] ResetEvent (hEvent=0x1f4) returned 1 [0293.178] GetCurrentThreadId () returned 0xfe0 [0293.178] GetCurrentThreadId () returned 0xfe0 [0293.178] GetCurrentThreadId () returned 0xfe0 [0293.178] GetCurrentThreadId () returned 0xfe0 [0293.179] ResetEvent (hEvent=0x1f4) returned 1 [0293.179] GetCurrentThreadId () returned 0xfe0 [0293.179] GetCurrentThreadId () returned 0xfe0 [0293.179] SetEvent (hEvent=0x1f8) returned 1 [0293.179] SetEvent (hEvent=0x1f4) returned 1 [0293.179] CloseHandle (hObject=0x74c) returned 1 [0293.179] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x73f158 | out: UnbiasedTime=0x73f158) returned 1 [0293.183] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.183] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.184] WSAConnect (in: s=0x74c, name=0x3053318*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.194] closesocket (s=0x768) returned 0 [0293.195] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3053364, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3053844, pOutput=0x30537dc, pfContextAttr=0x30536f4, ptsExpiry=0x73ed80 | out: phNewContext=0x3053844, pOutput=0x30537dc, pfContextAttr=0x30536f4, ptsExpiry=0x73ed80) returned 0x90312 [0293.195] FreeContextBuffer (in: pvContextBuffer=0x57222e8 | out: pvContextBuffer=0x57222e8) returned 0x0 [0293.195] send (s=0x74c, buf=0x3053858*, len=366, flags=0) returned 366 [0293.196] recv (in: s=0x74c, buf=0x3053858, len=5, flags=0 | out: buf=0x3053858*) returned 5 [0293.209] recv (in: s=0x74c, buf=0x305385d, len=59, flags=0 | out: buf=0x305385d*) returned 59 [0293.210] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3053364, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3053a4c, Reserved2=0x0, phNewContext=0x3053844, pOutput=0x3053a60, pfContextAttr=0x30536f4, ptsExpiry=0x73ecdc | out: phNewContext=0x3053844, pOutput=0x3053a60, pfContextAttr=0x30536f4, ptsExpiry=0x73ecdc) returned 0x90312 [0293.210] recv (in: s=0x74c, buf=0x3053af0, len=5, flags=0 | out: buf=0x3053af0*) returned 5 [0293.211] recv (in: s=0x74c, buf=0x3053b09, len=1, flags=0 | out: buf=0x3053b09*) returned 1 [0293.211] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3053364, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3053b7c, Reserved2=0x0, phNewContext=0x3053844, pOutput=0x3053b90, pfContextAttr=0x30536f4, ptsExpiry=0x73ec3c | out: phNewContext=0x3053844, pOutput=0x3053b90, pfContextAttr=0x30536f4, ptsExpiry=0x73ec3c) returned 0x90312 [0293.212] recv (in: s=0x74c, buf=0x3053c20, len=5, flags=0 | out: buf=0x3053c20*) returned 5 [0293.212] recv (in: s=0x74c, buf=0x3053c39, len=40, flags=0 | out: buf=0x3053c39*) returned 40 [0293.212] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3053364, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3053cd4, Reserved2=0x0, phNewContext=0x3053844, pOutput=0x3053ce8, pfContextAttr=0x30536f4, ptsExpiry=0x73eb9c | out: phNewContext=0x3053844, pOutput=0x3053ce8, pfContextAttr=0x30536f4, ptsExpiry=0x73eb9c) returned 0x0 [0293.215] FreeContextBuffer (in: pvContextBuffer=0x571e868 | out: pvContextBuffer=0x571e868) returned 0x0 [0293.216] QueryContextAttributesW (in: phContext=0x3053844, ulAttribute=0x4, pBuffer=0x3053dd4 | out: pBuffer=0x3053dd4) returned 0x0 [0293.216] QueryContextAttributesW (in: phContext=0x3053844, ulAttribute=0x5a, pBuffer=0x3053e10 | out: pBuffer=0x3053e10) returned 0x0 [0293.216] QueryContextAttributesW (in: phContext=0x3053844, ulAttribute=0x53, pBuffer=0x3053e5c | out: pBuffer=0x3053e5c) returned 0x0 [0293.217] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0293.218] CertDuplicateStore (hCertStore=0x570d698) returned 0x570d698 [0293.218] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x0) returned 0x571e898 [0293.225] CertDuplicateCertificateContext (pCertContext=0x571e898) returned 0x571e898 [0293.225] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x571e898) returned 0x571e438 [0293.226] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0293.226] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x571e438) returned 0x0 [0293.226] CertCloseStore (hCertStore=0x570d698, dwFlags=0x0) returned 1 [0293.226] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0293.227] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d8f0 [0293.227] CertAddCRLLinkToStore (in: hCertStore=0x570d8f0, pCrlContext=0x571e898, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.227] CertAddCRLLinkToStore (in: hCertStore=0x570d8f0, pCrlContext=0x571e438, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.228] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x571b380 [0293.229] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e438, pTime=0x73ebb0, hAdditionalStore=0x570d8f0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.229] LocalFree (hMem=0x571b380) returned 0x0 [0293.229] CertDuplicateCertificateChain (pChainContext=0x5727620) returned 0x5727620 [0293.230] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0293.230] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.231] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.231] CertFreeCertificateChain (pChainContext=0x5727620) [0293.231] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5727620, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.231] SetLastError (dwErrCode=0x0) [0293.231] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5727620, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.231] CertFreeCertificateChain (pChainContext=0x5727620) [0293.232] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0293.233] EncryptMessage (in: phContext=0x3053844, fQOP=0x0, pMessage=0x305558c, MessageSeqNo=0x0 | out: pMessage=0x305558c) returned 0x0 [0293.237] GetProcAddress (hModule=0x766d0000, lpProcName="WSASend") returned 0x766ddff0 [0293.237] CoTaskMemAlloc (cb=0x10) returned 0x9f3180 [0293.237] WSASend (in: s=0x74c, lpBuffers=0x9f3180*=((len=0x33, buf=0x3053d64*), (len=0x4f, buf=0x30554a8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.238] CoTaskMemFree (pv=0x9f3180) [0293.238] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.246] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.319] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.319] DecryptMessage (in: phContext=0x3053844, pMessage=0x3095bec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3095bec, pfQOP=0x0) returned 0x0 [0293.326] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.326] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.326] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.326] DecryptMessage (in: phContext=0x3053844, pMessage=0x3097680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3097680, pfQOP=0x0) returned 0x0 [0293.327] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.327] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.327] DecryptMessage (in: phContext=0x3053844, pMessage=0x3098490, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3098490, pfQOP=0x0) returned 0x0 [0293.327] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.327] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.327] DecryptMessage (in: phContext=0x3053844, pMessage=0x30996cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30996cc, pfQOP=0x0) returned 0x0 [0293.328] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.328] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.328] DecryptMessage (in: phContext=0x3053844, pMessage=0x30997e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30997e0, pfQOP=0x0) returned 0x0 [0293.328] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.328] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.329] DecryptMessage (in: phContext=0x3053844, pMessage=0x309bb44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309bb44, pfQOP=0x0) returned 0x0 [0293.329] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.329] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.329] DecryptMessage (in: phContext=0x3053844, pMessage=0x309bc58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309bc58, pfQOP=0x0) returned 0x0 [0293.329] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.329] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.329] DecryptMessage (in: phContext=0x3053844, pMessage=0x309bd6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309bd6c, pfQOP=0x0) returned 0x0 [0293.330] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.330] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.330] DecryptMessage (in: phContext=0x3053844, pMessage=0x30a0308, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a0308, pfQOP=0x0) returned 0x0 [0293.330] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.331] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.331] DecryptMessage (in: phContext=0x3053844, pMessage=0x30a041c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a041c, pfQOP=0x0) returned 0x0 [0293.334] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.334] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.335] DecryptMessage (in: phContext=0x3053844, pMessage=0x30a0530, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a0530, pfQOP=0x0) returned 0x0 [0293.335] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.335] recv (in: s=0x74c, buf=0x30222e1, len=1393, flags=0 | out: buf=0x30222e1*) returned 1393 [0293.335] DecryptMessage (in: phContext=0x3053844, pMessage=0x30a0644, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a0644, pfQOP=0x0) returned 0x0 [0293.335] recv (in: s=0x74c, buf=0x30222dc, len=5, flags=0 | out: buf=0x30222dc*) returned 5 [0293.335] recv (in: s=0x74c, buf=0x30222e1, len=51, flags=0 | out: buf=0x30222e1*) returned 51 [0293.336] DecryptMessage (in: phContext=0x3053844, pMessage=0x30a0758, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a0758, pfQOP=0x0) returned 0x0 [0293.336] SetEvent (hEvent=0x4a8) returned 1 [0293.336] QueryContextAttributesW (in: phContext=0x3053844, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.337] DeleteSecurityContext (phContext=0x3053844) returned 0x0 [0293.337] shutdown (s=0x74c, how=2) returned 0 [0293.338] closesocket (s=0x74c) returned 0 [0293.345] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743109783034) returned 1 [0293.345] SetEvent (hEvent=0x4a8) returned 1 [0293.349] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.349] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.350] WSAConnect (in: s=0x74c, name=0x30a3b3c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.360] closesocket (s=0x768) returned 0 [0293.361] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30a3b9c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30a4088, pOutput=0x30a4020, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ed80 | out: phNewContext=0x30a4088, pOutput=0x30a4020, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ed80) returned 0x90312 [0293.361] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0293.361] send (s=0x74c, buf=0x30a409c*, len=366, flags=0) returned 366 [0293.362] recv (in: s=0x74c, buf=0x30a409c, len=5, flags=0 | out: buf=0x30a409c*) returned 5 [0293.372] recv (in: s=0x74c, buf=0x30a40a1, len=59, flags=0 | out: buf=0x30a40a1*) returned 59 [0293.372] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30a3b9c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30a4290, Reserved2=0x0, phNewContext=0x30a4088, pOutput=0x30a42a4, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ecdc | out: phNewContext=0x30a4088, pOutput=0x30a42a4, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ecdc) returned 0x90312 [0293.374] recv (in: s=0x74c, buf=0x30a4334, len=5, flags=0 | out: buf=0x30a4334*) returned 5 [0293.374] recv (in: s=0x74c, buf=0x30a434d, len=1, flags=0 | out: buf=0x30a434d*) returned 1 [0293.375] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30a3b9c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30a43c0, Reserved2=0x0, phNewContext=0x30a4088, pOutput=0x30a43d4, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ec3c | out: phNewContext=0x30a4088, pOutput=0x30a43d4, pfContextAttr=0x30a3f2c, ptsExpiry=0x73ec3c) returned 0x90312 [0293.375] recv (in: s=0x74c, buf=0x30a4464, len=5, flags=0 | out: buf=0x30a4464*) returned 5 [0293.375] recv (in: s=0x74c, buf=0x30a447d, len=40, flags=0 | out: buf=0x30a447d*) returned 40 [0293.375] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30a3b9c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30a4518, Reserved2=0x0, phNewContext=0x30a4088, pOutput=0x30a452c, pfContextAttr=0x30a3f2c, ptsExpiry=0x73eb9c | out: phNewContext=0x30a4088, pOutput=0x30a452c, pfContextAttr=0x30a3f2c, ptsExpiry=0x73eb9c) returned 0x0 [0293.377] FreeContextBuffer (in: pvContextBuffer=0x571e688 | out: pvContextBuffer=0x571e688) returned 0x0 [0293.377] QueryContextAttributesW (in: phContext=0x30a4088, ulAttribute=0x4, pBuffer=0x30a45fc | out: pBuffer=0x30a45fc) returned 0x0 [0293.377] QueryContextAttributesW (in: phContext=0x30a4088, ulAttribute=0x5a, pBuffer=0x30a4638 | out: pBuffer=0x30a4638) returned 0x0 [0293.378] QueryContextAttributesW (in: phContext=0x30a4088, ulAttribute=0x53, pBuffer=0x30a4684 | out: pBuffer=0x30a4684) returned 0x0 [0293.379] CertDuplicateCertificateContext (pCertContext=0x571e848) returned 0x571e848 [0293.379] CertDuplicateStore (hCertStore=0x570de90) returned 0x570de90 [0293.379] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x0) returned 0x571e6b8 [0293.380] CertDuplicateCertificateContext (pCertContext=0x571e6b8) returned 0x571e6b8 [0293.380] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x571e6b8) returned 0x571e848 [0293.380] CertDuplicateCertificateContext (pCertContext=0x571e848) returned 0x571e848 [0293.380] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x571e848) returned 0x0 [0293.380] CertCloseStore (hCertStore=0x570de90, dwFlags=0x0) returned 1 [0293.380] CertFreeCRLContext (pCrlContext=0x571e848) returned 1 [0293.382] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d968 [0293.382] CertAddCRLLinkToStore (in: hCertStore=0x570d968, pCrlContext=0x571e6b8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.382] CertAddCRLLinkToStore (in: hCertStore=0x570d968, pCrlContext=0x571e848, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.383] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57296e0 [0293.383] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e848, pTime=0x73ebb0, hAdditionalStore=0x570d968, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.383] LocalFree (hMem=0x57296e0) returned 0x0 [0293.384] CertDuplicateCertificateChain (pChainContext=0x57230f0) returned 0x57230f0 [0293.384] CertDuplicateCertificateContext (pCertContext=0x571e848) returned 0x571e848 [0293.385] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.385] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.385] CertFreeCertificateChain (pChainContext=0x57230f0) [0293.386] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x57230f0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.386] SetLastError (dwErrCode=0x0) [0293.386] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x57230f0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.386] CertFreeCertificateChain (pChainContext=0x57230f0) [0293.386] CertFreeCRLContext (pCrlContext=0x571e848) returned 1 [0293.387] EncryptMessage (in: phContext=0x30a4088, fQOP=0x0, pMessage=0x30a5da8, MessageSeqNo=0x0 | out: pMessage=0x30a5da8) returned 0x0 [0293.387] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0293.387] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x30a45a8*), (len=0x4f, buf=0x30a5cc4*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.392] CoTaskMemFree (pv=0x9f3120) [0293.392] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.392] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.439] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.439] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30a5f14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a5f14, pfQOP=0x0) returned 0x0 [0293.440] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.440] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.440] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.443] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30a79a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a79a8, pfQOP=0x0) returned 0x0 [0293.444] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.444] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.444] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30a87b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a87b8, pfQOP=0x0) returned 0x0 [0293.444] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.445] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.445] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30a99f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a99f4, pfQOP=0x0) returned 0x0 [0293.445] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.445] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.445] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30a9b08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a9b08, pfQOP=0x0) returned 0x0 [0293.446] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.446] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.446] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30abe6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30abe6c, pfQOP=0x0) returned 0x0 [0293.446] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.447] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.447] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30abf80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30abf80, pfQOP=0x0) returned 0x0 [0293.447] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.447] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.447] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30ac094, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ac094, pfQOP=0x0) returned 0x0 [0293.448] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.448] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.448] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30b0630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0630, pfQOP=0x0) returned 0x0 [0293.449] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.449] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.449] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30b0750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0750, pfQOP=0x0) returned 0x0 [0293.449] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.450] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.450] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30b0864, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0864, pfQOP=0x0) returned 0x0 [0293.450] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.450] recv (in: s=0x74c, buf=0x3091b31, len=1393, flags=0 | out: buf=0x3091b31*) returned 1393 [0293.450] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30b0978, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0978, pfQOP=0x0) returned 0x0 [0293.451] recv (in: s=0x74c, buf=0x3091b2c, len=5, flags=0 | out: buf=0x3091b2c*) returned 5 [0293.451] recv (in: s=0x74c, buf=0x3091b31, len=29, flags=0 | out: buf=0x3091b31*) returned 29 [0293.451] DecryptMessage (in: phContext=0x30a4088, pMessage=0x30b0a8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0a8c, pfQOP=0x0) returned 0x0 [0293.451] SetEvent (hEvent=0x4a8) returned 1 [0293.452] QueryContextAttributesW (in: phContext=0x30a4088, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.452] DeleteSecurityContext (phContext=0x30a4088) returned 0x0 [0293.459] shutdown (s=0x74c, how=2) returned 0 [0293.460] closesocket (s=0x74c) returned 0 [0293.468] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743122149825) returned 1 [0293.469] SetEvent (hEvent=0x4a8) returned 1 [0293.474] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.475] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.476] WSAConnect (in: s=0x74c, name=0x30b3e50*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.485] closesocket (s=0x768) returned 0 [0293.487] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30b3ec4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30b43b0, pOutput=0x30b4348, pfContextAttr=0x30b4260, ptsExpiry=0x73ed80 | out: phNewContext=0x30b43b0, pOutput=0x30b4348, pfContextAttr=0x30b4260, ptsExpiry=0x73ed80) returned 0x90312 [0293.489] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0293.490] send (s=0x74c, buf=0x30b43c4*, len=366, flags=0) returned 366 [0293.494] recv (in: s=0x74c, buf=0x30b43c4, len=5, flags=0 | out: buf=0x30b43c4*) returned 5 [0293.500] recv (in: s=0x74c, buf=0x30b43c9, len=59, flags=0 | out: buf=0x30b43c9*) returned 59 [0293.500] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30b3ec4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30b45b8, Reserved2=0x0, phNewContext=0x30b43b0, pOutput=0x30b45cc, pfContextAttr=0x30b4260, ptsExpiry=0x73ecdc | out: phNewContext=0x30b43b0, pOutput=0x30b45cc, pfContextAttr=0x30b4260, ptsExpiry=0x73ecdc) returned 0x90312 [0293.501] recv (in: s=0x74c, buf=0x30b465c, len=5, flags=0 | out: buf=0x30b465c*) returned 5 [0293.501] recv (in: s=0x74c, buf=0x30b4675, len=1, flags=0 | out: buf=0x30b4675*) returned 1 [0293.501] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30b3ec4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30b46e8, Reserved2=0x0, phNewContext=0x30b43b0, pOutput=0x30b46fc, pfContextAttr=0x30b4260, ptsExpiry=0x73ec3c | out: phNewContext=0x30b43b0, pOutput=0x30b46fc, pfContextAttr=0x30b4260, ptsExpiry=0x73ec3c) returned 0x90312 [0293.502] recv (in: s=0x74c, buf=0x30b478c, len=5, flags=0 | out: buf=0x30b478c*) returned 5 [0293.502] recv (in: s=0x74c, buf=0x30b47a5, len=40, flags=0 | out: buf=0x30b47a5*) returned 40 [0293.502] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30b3ec4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30b4840, Reserved2=0x0, phNewContext=0x30b43b0, pOutput=0x30b4854, pfContextAttr=0x30b4260, ptsExpiry=0x73eb9c | out: phNewContext=0x30b43b0, pOutput=0x30b4854, pfContextAttr=0x30b4260, ptsExpiry=0x73eb9c) returned 0x0 [0293.510] FreeContextBuffer (in: pvContextBuffer=0x571e4a8 | out: pvContextBuffer=0x571e4a8) returned 0x0 [0293.510] QueryContextAttributesW (in: phContext=0x30b43b0, ulAttribute=0x4, pBuffer=0x30b4924 | out: pBuffer=0x30b4924) returned 0x0 [0293.510] QueryContextAttributesW (in: phContext=0x30b43b0, ulAttribute=0x5a, pBuffer=0x30b4960 | out: pBuffer=0x30b4960) returned 0x0 [0293.510] QueryContextAttributesW (in: phContext=0x30b43b0, ulAttribute=0x53, pBuffer=0x30b49ac | out: pBuffer=0x30b49ac) returned 0x0 [0293.511] CertDuplicateCertificateContext (pCertContext=0x571e4d8) returned 0x571e4d8 [0293.512] CertDuplicateStore (hCertStore=0x570d008) returned 0x570d008 [0293.512] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x0) returned 0x571e528 [0293.512] CertDuplicateCertificateContext (pCertContext=0x571e528) returned 0x571e528 [0293.513] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x571e528) returned 0x571e4d8 [0293.513] CertDuplicateCertificateContext (pCertContext=0x571e4d8) returned 0x571e4d8 [0293.513] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x571e4d8) returned 0x0 [0293.513] CertCloseStore (hCertStore=0x570d008, dwFlags=0x0) returned 1 [0293.513] CertFreeCRLContext (pCrlContext=0x571e4d8) returned 1 [0293.515] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570db48 [0293.515] CertAddCRLLinkToStore (in: hCertStore=0x570db48, pCrlContext=0x571e528, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.515] CertAddCRLLinkToStore (in: hCertStore=0x570db48, pCrlContext=0x571e4d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.516] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729800 [0293.517] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e4d8, pTime=0x73ebb0, hAdditionalStore=0x570db48, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.517] LocalFree (hMem=0x5729800) returned 0x0 [0293.517] CertDuplicateCertificateChain (pChainContext=0x5726f40) returned 0x5726f40 [0293.518] CertDuplicateCertificateContext (pCertContext=0x571e4d8) returned 0x571e4d8 [0293.630] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.631] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.631] CertFreeCertificateChain (pChainContext=0x5726f40) [0293.631] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5726f40, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.631] SetLastError (dwErrCode=0x0) [0293.631] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5726f40, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.632] CertFreeCertificateChain (pChainContext=0x5726f40) [0293.632] CertFreeCRLContext (pCrlContext=0x571e4d8) returned 1 [0293.633] EncryptMessage (in: phContext=0x30b43b0, fQOP=0x0, pMessage=0x30b60dc, MessageSeqNo=0x0 | out: pMessage=0x30b60dc) returned 0x0 [0293.633] CoTaskMemAlloc (cb=0x10) returned 0x9f3150 [0293.633] WSASend (in: s=0x74c, lpBuffers=0x9f3150*=((len=0x33, buf=0x30b48d0*), (len=0x4f, buf=0x30b5ff8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.634] CoTaskMemFree (pv=0x9f3150) [0293.634] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.634] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.679] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.680] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30b6248, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b6248, pfQOP=0x0) returned 0x0 [0293.680] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.680] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.680] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.681] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30b7cd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b7cd0, pfQOP=0x0) returned 0x0 [0293.681] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.681] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.682] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30b8ae0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b8ae0, pfQOP=0x0) returned 0x0 [0293.682] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.682] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.682] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30b9d1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b9d1c, pfQOP=0x0) returned 0x0 [0293.682] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.682] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.683] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30b9e30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b9e30, pfQOP=0x0) returned 0x0 [0293.683] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.684] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.684] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30bc194, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bc194, pfQOP=0x0) returned 0x0 [0293.684] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.684] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.685] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30bc2b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bc2b4, pfQOP=0x0) returned 0x0 [0293.685] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.685] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.685] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30bc3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bc3c8, pfQOP=0x0) returned 0x0 [0293.687] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.687] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.687] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30c0964, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0964, pfQOP=0x0) returned 0x0 [0293.687] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.687] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.687] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30c0a78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0a78, pfQOP=0x0) returned 0x0 [0293.688] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.688] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.688] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30c0b8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0b8c, pfQOP=0x0) returned 0x0 [0293.688] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.688] recv (in: s=0x74c, buf=0x308da61, len=1393, flags=0 | out: buf=0x308da61*) returned 1393 [0293.688] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30c0ca0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0ca0, pfQOP=0x0) returned 0x0 [0293.689] recv (in: s=0x74c, buf=0x308da5c, len=5, flags=0 | out: buf=0x308da5c*) returned 5 [0293.689] recv (in: s=0x74c, buf=0x308da61, len=29, flags=0 | out: buf=0x308da61*) returned 29 [0293.689] DecryptMessage (in: phContext=0x30b43b0, pMessage=0x30c0db4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0db4, pfQOP=0x0) returned 0x0 [0293.689] SetEvent (hEvent=0x4a8) returned 1 [0293.690] QueryContextAttributesW (in: phContext=0x30b43b0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.690] DeleteSecurityContext (phContext=0x30b43b0) returned 0x0 [0293.700] shutdown (s=0x74c, how=2) returned 0 [0293.701] closesocket (s=0x74c) returned 0 [0293.709] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743146248368) returned 1 [0293.710] SetEvent (hEvent=0x4a8) returned 1 [0293.711] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.712] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.713] WSAConnect (in: s=0x74c, name=0x30c418c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.723] closesocket (s=0x768) returned 0 [0293.725] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30c41ec, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30c46d8, pOutput=0x30c4664, pfContextAttr=0x30c457c, ptsExpiry=0x73ed80 | out: phNewContext=0x30c46d8, pOutput=0x30c4664, pfContextAttr=0x30c457c, ptsExpiry=0x73ed80) returned 0x90312 [0293.725] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0293.725] send (s=0x74c, buf=0x30c46ec*, len=366, flags=0) returned 366 [0293.726] recv (in: s=0x74c, buf=0x30c46ec, len=5, flags=0 | out: buf=0x30c46ec*) returned 5 [0293.736] recv (in: s=0x74c, buf=0x30c46f1, len=59, flags=0 | out: buf=0x30c46f1*) returned 59 [0293.736] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30c41ec, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30c48e0, Reserved2=0x0, phNewContext=0x30c46d8, pOutput=0x30c48f4, pfContextAttr=0x30c457c, ptsExpiry=0x73ecdc | out: phNewContext=0x30c46d8, pOutput=0x30c48f4, pfContextAttr=0x30c457c, ptsExpiry=0x73ecdc) returned 0x90312 [0293.737] recv (in: s=0x74c, buf=0x30c4984, len=5, flags=0 | out: buf=0x30c4984*) returned 5 [0293.737] recv (in: s=0x74c, buf=0x30c499d, len=1, flags=0 | out: buf=0x30c499d*) returned 1 [0293.737] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30c41ec, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30c4a10, Reserved2=0x0, phNewContext=0x30c46d8, pOutput=0x30c4a24, pfContextAttr=0x30c457c, ptsExpiry=0x73ec3c | out: phNewContext=0x30c46d8, pOutput=0x30c4a24, pfContextAttr=0x30c457c, ptsExpiry=0x73ec3c) returned 0x90312 [0293.738] recv (in: s=0x74c, buf=0x30c4ab4, len=5, flags=0 | out: buf=0x30c4ab4*) returned 5 [0293.738] recv (in: s=0x74c, buf=0x30c4acd, len=40, flags=0 | out: buf=0x30c4acd*) returned 40 [0293.739] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30c41ec, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30c4b68, Reserved2=0x0, phNewContext=0x30c46d8, pOutput=0x30c4b7c, pfContextAttr=0x30c457c, ptsExpiry=0x73eb9c | out: phNewContext=0x30c46d8, pOutput=0x30c4b7c, pfContextAttr=0x30c457c, ptsExpiry=0x73eb9c) returned 0x0 [0293.741] FreeContextBuffer (in: pvContextBuffer=0x571ddc8 | out: pvContextBuffer=0x571ddc8) returned 0x0 [0293.741] QueryContextAttributesW (in: phContext=0x30c46d8, ulAttribute=0x4, pBuffer=0x30c4c4c | out: pBuffer=0x30c4c4c) returned 0x0 [0293.741] QueryContextAttributesW (in: phContext=0x30c46d8, ulAttribute=0x5a, pBuffer=0x30c4c88 | out: pBuffer=0x30c4c88) returned 0x0 [0293.742] QueryContextAttributesW (in: phContext=0x30c46d8, ulAttribute=0x53, pBuffer=0x30c4cd4 | out: pBuffer=0x30c4cd4) returned 0x0 [0293.742] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0293.743] CertDuplicateStore (hCertStore=0x570d440) returned 0x570d440 [0293.743] CertEnumCertificatesInStore (hCertStore=0x570d440, pPrevCertContext=0x0) returned 0x571de48 [0293.743] CertDuplicateCertificateContext (pCertContext=0x571de48) returned 0x571de48 [0293.744] CertEnumCertificatesInStore (hCertStore=0x570d440, pPrevCertContext=0x571de48) returned 0x571dad8 [0293.744] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0293.744] CertEnumCertificatesInStore (hCertStore=0x570d440, pPrevCertContext=0x571dad8) returned 0x0 [0293.744] CertCloseStore (hCertStore=0x570d440, dwFlags=0x0) returned 1 [0293.744] CertFreeCRLContext (pCrlContext=0x571dad8) returned 1 [0293.745] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d080 [0293.746] CertAddCRLLinkToStore (in: hCertStore=0x570d080, pCrlContext=0x571de48, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.746] CertAddCRLLinkToStore (in: hCertStore=0x570d080, pCrlContext=0x571dad8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.747] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729980 [0293.747] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dad8, pTime=0x73ebb0, hAdditionalStore=0x570d080, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.748] LocalFree (hMem=0x5729980) returned 0x0 [0293.748] CertDuplicateCertificateChain (pChainContext=0x5728458) returned 0x5728458 [0293.748] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0293.749] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.750] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.750] CertFreeCertificateChain (pChainContext=0x5728458) [0293.750] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5728458, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.750] SetLastError (dwErrCode=0x0) [0293.750] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5728458, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.750] CertFreeCertificateChain (pChainContext=0x5728458) [0293.751] CertFreeCRLContext (pCrlContext=0x571dad8) returned 1 [0293.751] EncryptMessage (in: phContext=0x30c46d8, fQOP=0x0, pMessage=0x30c63f8, MessageSeqNo=0x0 | out: pMessage=0x30c63f8) returned 0x0 [0293.752] CoTaskMemAlloc (cb=0x10) returned 0x9f32a0 [0293.752] WSASend (in: s=0x74c, lpBuffers=0x9f32a0*=((len=0x33, buf=0x30c4bf8*), (len=0x4f, buf=0x30c6314*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.754] CoTaskMemFree (pv=0x9f32a0) [0293.754] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.754] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.770] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.770] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30c6564, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c6564, pfQOP=0x0) returned 0x0 [0293.771] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.771] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.771] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.772] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30c7ff8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c7ff8, pfQOP=0x0) returned 0x0 [0293.772] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.772] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.773] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30c8e08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c8e08, pfQOP=0x0) returned 0x0 [0293.773] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.773] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.773] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30ca044, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ca044, pfQOP=0x0) returned 0x0 [0293.773] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.774] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.774] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30ca158, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ca158, pfQOP=0x0) returned 0x0 [0293.774] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.775] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.775] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30cc4bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cc4bc, pfQOP=0x0) returned 0x0 [0293.775] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.775] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.775] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30cc5d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cc5d0, pfQOP=0x0) returned 0x0 [0293.776] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.776] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.776] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30cc6e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cc6e4, pfQOP=0x0) returned 0x0 [0293.777] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.777] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.777] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30d0c80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d0c80, pfQOP=0x0) returned 0x0 [0293.777] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.778] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.778] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30d0da0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d0da0, pfQOP=0x0) returned 0x0 [0293.778] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.778] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.779] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30d0eb4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d0eb4, pfQOP=0x0) returned 0x0 [0293.779] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.779] recv (in: s=0x74c, buf=0x3089a1d, len=1393, flags=0 | out: buf=0x3089a1d*) returned 1393 [0293.779] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30d0fc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d0fc8, pfQOP=0x0) returned 0x0 [0293.779] recv (in: s=0x74c, buf=0x3089a18, len=5, flags=0 | out: buf=0x3089a18*) returned 5 [0293.779] recv (in: s=0x74c, buf=0x3089a1d, len=51, flags=0 | out: buf=0x3089a1d*) returned 51 [0293.780] DecryptMessage (in: phContext=0x30c46d8, pMessage=0x30d10dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d10dc, pfQOP=0x0) returned 0x0 [0293.780] SetEvent (hEvent=0x4a8) returned 1 [0293.780] QueryContextAttributesW (in: phContext=0x30c46d8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.780] DeleteSecurityContext (phContext=0x30c46d8) returned 0x0 [0293.781] shutdown (s=0x74c, how=2) returned 0 [0293.782] closesocket (s=0x74c) returned 0 [0293.790] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743154313044) returned 1 [0293.790] SetEvent (hEvent=0x4a8) returned 1 [0293.792] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.793] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.794] WSAConnect (in: s=0x74c, name=0x30d44c0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.805] closesocket (s=0x768) returned 0 [0293.806] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30d4520, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30d4a00, pOutput=0x30d4998, pfContextAttr=0x30d48b0, ptsExpiry=0x73ed80 | out: phNewContext=0x30d4a00, pOutput=0x30d4998, pfContextAttr=0x30d48b0, ptsExpiry=0x73ed80) returned 0x90312 [0293.807] FreeContextBuffer (in: pvContextBuffer=0x5726a68 | out: pvContextBuffer=0x5726a68) returned 0x0 [0293.807] send (s=0x74c, buf=0x30d4a14*, len=366, flags=0) returned 366 [0293.807] recv (in: s=0x74c, buf=0x30d4a14, len=5, flags=0 | out: buf=0x30d4a14*) returned 5 [0293.817] recv (in: s=0x74c, buf=0x30d4a19, len=59, flags=0 | out: buf=0x30d4a19*) returned 59 [0293.817] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30d4520, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d4c08, Reserved2=0x0, phNewContext=0x30d4a00, pOutput=0x30d4c1c, pfContextAttr=0x30d48b0, ptsExpiry=0x73ecdc | out: phNewContext=0x30d4a00, pOutput=0x30d4c1c, pfContextAttr=0x30d48b0, ptsExpiry=0x73ecdc) returned 0x90312 [0293.817] recv (in: s=0x74c, buf=0x30d4cac, len=5, flags=0 | out: buf=0x30d4cac*) returned 5 [0293.817] recv (in: s=0x74c, buf=0x30d4cc5, len=1, flags=0 | out: buf=0x30d4cc5*) returned 1 [0293.818] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30d4520, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d4d38, Reserved2=0x0, phNewContext=0x30d4a00, pOutput=0x30d4d4c, pfContextAttr=0x30d48b0, ptsExpiry=0x73ec3c | out: phNewContext=0x30d4a00, pOutput=0x30d4d4c, pfContextAttr=0x30d48b0, ptsExpiry=0x73ec3c) returned 0x90312 [0293.818] recv (in: s=0x74c, buf=0x30d4ddc, len=5, flags=0 | out: buf=0x30d4ddc*) returned 5 [0293.818] recv (in: s=0x74c, buf=0x30d4df5, len=40, flags=0 | out: buf=0x30d4df5*) returned 40 [0293.819] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30d4520, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30d4e90, Reserved2=0x0, phNewContext=0x30d4a00, pOutput=0x30d4ea4, pfContextAttr=0x30d48b0, ptsExpiry=0x73eb9c | out: phNewContext=0x30d4a00, pOutput=0x30d4ea4, pfContextAttr=0x30d48b0, ptsExpiry=0x73eb9c) returned 0x0 [0293.820] FreeContextBuffer (in: pvContextBuffer=0x571dff8 | out: pvContextBuffer=0x571dff8) returned 0x0 [0293.820] QueryContextAttributesW (in: phContext=0x30d4a00, ulAttribute=0x4, pBuffer=0x30d4f74 | out: pBuffer=0x30d4f74) returned 0x0 [0293.820] QueryContextAttributesW (in: phContext=0x30d4a00, ulAttribute=0x5a, pBuffer=0x30d4fb0 | out: pBuffer=0x30d4fb0) returned 0x0 [0293.820] QueryContextAttributesW (in: phContext=0x30d4a00, ulAttribute=0x53, pBuffer=0x30d4ffc | out: pBuffer=0x30d4ffc) returned 0x0 [0293.821] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0293.822] CertDuplicateStore (hCertStore=0x570dbc0) returned 0x570dbc0 [0293.822] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x0) returned 0x571db78 [0293.822] CertDuplicateCertificateContext (pCertContext=0x571db78) returned 0x571db78 [0293.822] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x571db78) returned 0x571db28 [0293.823] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0293.823] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x571db28) returned 0x0 [0293.823] CertCloseStore (hCertStore=0x570dbc0, dwFlags=0x0) returned 1 [0293.823] CertFreeCRLContext (pCrlContext=0x571db28) returned 1 [0293.824] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d170 [0293.824] CertAddCRLLinkToStore (in: hCertStore=0x570d170, pCrlContext=0x571db78, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.824] CertAddCRLLinkToStore (in: hCertStore=0x570d170, pCrlContext=0x571db28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.825] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729a40 [0293.825] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571db28, pTime=0x73ebb0, hAdditionalStore=0x570d170, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.826] LocalFree (hMem=0x5729a40) returned 0x0 [0293.826] CertDuplicateCertificateChain (pChainContext=0x572b328) returned 0x572b328 [0293.827] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0293.827] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.828] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.828] CertFreeCertificateChain (pChainContext=0x572b328) [0293.828] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x572b328, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.828] SetLastError (dwErrCode=0x0) [0293.828] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x572b328, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.829] CertFreeCertificateChain (pChainContext=0x572b328) [0293.829] CertFreeCRLContext (pCrlContext=0x571db28) returned 1 [0293.830] EncryptMessage (in: phContext=0x30d4a00, fQOP=0x0, pMessage=0x30d672c, MessageSeqNo=0x0 | out: pMessage=0x30d672c) returned 0x0 [0293.830] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0293.830] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x30d4f20*), (len=0x4f, buf=0x30d6648*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.830] CoTaskMemFree (pv=0x9f3270) [0293.831] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.831] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.853] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.853] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30d6898, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d6898, pfQOP=0x0) returned 0x0 [0293.854] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.854] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.854] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.855] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30d832c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d832c, pfQOP=0x0) returned 0x0 [0293.855] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.855] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.855] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30d9130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d9130, pfQOP=0x0) returned 0x0 [0293.856] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.856] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.856] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30da378, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30da378, pfQOP=0x0) returned 0x0 [0293.856] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.856] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.856] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30da48c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30da48c, pfQOP=0x0) returned 0x0 [0293.857] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.857] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.857] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30dc7f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30dc7f0, pfQOP=0x0) returned 0x0 [0293.857] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.858] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.858] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30dc904, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30dc904, pfQOP=0x0) returned 0x0 [0293.858] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.858] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.858] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30dca18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30dca18, pfQOP=0x0) returned 0x0 [0293.865] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.865] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.865] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30e0fb4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e0fb4, pfQOP=0x0) returned 0x0 [0293.865] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.865] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.866] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30e10c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e10c8, pfQOP=0x0) returned 0x0 [0293.866] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.866] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.866] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30e11dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e11dc, pfQOP=0x0) returned 0x0 [0293.866] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.866] recv (in: s=0x74c, buf=0x30859d9, len=1393, flags=0 | out: buf=0x30859d9*) returned 1393 [0293.867] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30e12f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e12f0, pfQOP=0x0) returned 0x0 [0293.867] recv (in: s=0x74c, buf=0x30859d4, len=5, flags=0 | out: buf=0x30859d4*) returned 5 [0293.867] recv (in: s=0x74c, buf=0x30859d9, len=51, flags=0 | out: buf=0x30859d9*) returned 51 [0293.867] DecryptMessage (in: phContext=0x30d4a00, pMessage=0x30e1404, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e1404, pfQOP=0x0) returned 0x0 [0293.867] SetEvent (hEvent=0x4a8) returned 1 [0293.868] QueryContextAttributesW (in: phContext=0x30d4a00, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.868] DeleteSecurityContext (phContext=0x30d4a00) returned 0x0 [0293.871] shutdown (s=0x74c, how=2) returned 0 [0293.873] closesocket (s=0x74c) returned 0 [0293.881] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743163409235) returned 1 [0293.881] SetEvent (hEvent=0x4a8) returned 1 [0293.885] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.886] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.886] WSAConnect (in: s=0x74c, name=0x30e47d4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.900] closesocket (s=0x768) returned 0 [0293.901] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30e4848, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30e4d28, pOutput=0x30e4cc0, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ed80 | out: phNewContext=0x30e4d28, pOutput=0x30e4cc0, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ed80) returned 0x90312 [0293.901] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0293.901] send (s=0x74c, buf=0x30e4d3c*, len=366, flags=0) returned 366 [0293.902] recv (in: s=0x74c, buf=0x30e4d3c, len=5, flags=0 | out: buf=0x30e4d3c*) returned 5 [0293.913] recv (in: s=0x74c, buf=0x30e4d41, len=59, flags=0 | out: buf=0x30e4d41*) returned 59 [0293.914] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30e4848, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30e4f30, Reserved2=0x0, phNewContext=0x30e4d28, pOutput=0x30e4f44, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ecdc | out: phNewContext=0x30e4d28, pOutput=0x30e4f44, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ecdc) returned 0x90312 [0293.916] recv (in: s=0x74c, buf=0x30e4fd4, len=5, flags=0 | out: buf=0x30e4fd4*) returned 5 [0293.917] recv (in: s=0x74c, buf=0x30e4fed, len=1, flags=0 | out: buf=0x30e4fed*) returned 1 [0293.917] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30e4848, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30e5060, Reserved2=0x0, phNewContext=0x30e4d28, pOutput=0x30e5074, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ec3c | out: phNewContext=0x30e4d28, pOutput=0x30e5074, pfContextAttr=0x30e4bd8, ptsExpiry=0x73ec3c) returned 0x90312 [0293.917] recv (in: s=0x74c, buf=0x30e5104, len=5, flags=0 | out: buf=0x30e5104*) returned 5 [0293.918] recv (in: s=0x74c, buf=0x30e511d, len=40, flags=0 | out: buf=0x30e511d*) returned 40 [0293.918] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30e4848, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30e51b8, Reserved2=0x0, phNewContext=0x30e4d28, pOutput=0x30e51cc, pfContextAttr=0x30e4bd8, ptsExpiry=0x73eb9c | out: phNewContext=0x30e4d28, pOutput=0x30e51cc, pfContextAttr=0x30e4bd8, ptsExpiry=0x73eb9c) returned 0x0 [0293.920] FreeContextBuffer (in: pvContextBuffer=0x571deb8 | out: pvContextBuffer=0x571deb8) returned 0x0 [0293.920] QueryContextAttributesW (in: phContext=0x30e4d28, ulAttribute=0x4, pBuffer=0x30e529c | out: pBuffer=0x30e529c) returned 0x0 [0293.921] QueryContextAttributesW (in: phContext=0x30e4d28, ulAttribute=0x5a, pBuffer=0x30e52d8 | out: pBuffer=0x30e52d8) returned 0x0 [0293.921] QueryContextAttributesW (in: phContext=0x30e4d28, ulAttribute=0x53, pBuffer=0x30e5324 | out: pBuffer=0x30e5324) returned 0x0 [0293.921] CertDuplicateCertificateContext (pCertContext=0x571e1b8) returned 0x571e1b8 [0293.922] CertDuplicateStore (hCertStore=0x570d260) returned 0x570d260 [0293.922] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x0) returned 0x571dd58 [0293.923] CertDuplicateCertificateContext (pCertContext=0x571dd58) returned 0x571dd58 [0293.923] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x571dd58) returned 0x571e1b8 [0293.923] CertDuplicateCertificateContext (pCertContext=0x571e1b8) returned 0x571e1b8 [0293.923] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x571e1b8) returned 0x0 [0293.923] CertCloseStore (hCertStore=0x570d260, dwFlags=0x0) returned 1 [0293.924] CertFreeCRLContext (pCrlContext=0x571e1b8) returned 1 [0293.925] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d4b8 [0293.926] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x571dd58, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.930] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x571e1b8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0293.931] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729700 [0293.931] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e1b8, pTime=0x73ebb0, hAdditionalStore=0x570d4b8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0293.931] LocalFree (hMem=0x5729700) returned 0x0 [0293.932] CertDuplicateCertificateChain (pChainContext=0x5727b90) returned 0x5727b90 [0293.932] CertDuplicateCertificateContext (pCertContext=0x571e1b8) returned 0x571e1b8 [0293.933] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0293.933] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0293.933] CertFreeCertificateChain (pChainContext=0x5727b90) [0293.934] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5727b90, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0293.934] SetLastError (dwErrCode=0x0) [0293.934] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5727b90, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0293.934] CertFreeCertificateChain (pChainContext=0x5727b90) [0293.935] CertFreeCRLContext (pCrlContext=0x571e1b8) returned 1 [0293.935] EncryptMessage (in: phContext=0x30e4d28, fQOP=0x0, pMessage=0x30e6a54, MessageSeqNo=0x0 | out: pMessage=0x30e6a54) returned 0x0 [0293.935] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0293.936] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x30e5248*), (len=0x4f, buf=0x30e6970*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0293.936] CoTaskMemFree (pv=0x9f3270) [0293.936] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0293.937] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.953] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.953] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30e6bc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e6bc0, pfQOP=0x0) returned 0x0 [0293.954] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0293.954] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.954] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.955] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30e8648, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e8648, pfQOP=0x0) returned 0x0 [0293.955] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.955] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.955] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30e9458, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e9458, pfQOP=0x0) returned 0x0 [0293.955] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.956] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.957] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30ea694, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ea694, pfQOP=0x0) returned 0x0 [0293.957] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.957] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.957] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30ea7b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ea7b4, pfQOP=0x0) returned 0x0 [0293.958] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.958] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.958] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30ecb18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ecb18, pfQOP=0x0) returned 0x0 [0293.958] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.959] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.959] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30ecc2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ecc2c, pfQOP=0x0) returned 0x0 [0293.959] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.959] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.959] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30ecd40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30ecd40, pfQOP=0x0) returned 0x0 [0293.961] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.961] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.961] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30f12dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f12dc, pfQOP=0x0) returned 0x0 [0293.961] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.961] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.962] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30f13f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f13f0, pfQOP=0x0) returned 0x0 [0293.962] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.962] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.962] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30f1504, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f1504, pfQOP=0x0) returned 0x0 [0293.962] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.962] recv (in: s=0x74c, buf=0x3081995, len=1393, flags=0 | out: buf=0x3081995*) returned 1393 [0293.963] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30f1618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f1618, pfQOP=0x0) returned 0x0 [0293.963] recv (in: s=0x74c, buf=0x3081990, len=5, flags=0 | out: buf=0x3081990*) returned 5 [0293.963] recv (in: s=0x74c, buf=0x3081995, len=51, flags=0 | out: buf=0x3081995*) returned 51 [0293.963] DecryptMessage (in: phContext=0x30e4d28, pMessage=0x30f172c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f172c, pfQOP=0x0) returned 0x0 [0293.963] SetEvent (hEvent=0x4a8) returned 1 [0293.964] QueryContextAttributesW (in: phContext=0x30e4d28, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0293.964] DeleteSecurityContext (phContext=0x30e4d28) returned 0x0 [0293.965] shutdown (s=0x74c, how=2) returned 0 [0293.967] closesocket (s=0x74c) returned 0 [0293.975] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743172771112) returned 1 [0293.975] SetEvent (hEvent=0x4a8) returned 1 [0293.977] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0293.983] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0293.983] WSAConnect (in: s=0x74c, name=0x30f4b18*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0293.993] closesocket (s=0x768) returned 0 [0293.995] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30f4b64, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30f5050, pOutput=0x30f4fe8, pfContextAttr=0x30f4f00, ptsExpiry=0x73ed80 | out: phNewContext=0x30f5050, pOutput=0x30f4fe8, pfContextAttr=0x30f4f00, ptsExpiry=0x73ed80) returned 0x90312 [0293.995] FreeContextBuffer (in: pvContextBuffer=0x57265d0 | out: pvContextBuffer=0x57265d0) returned 0x0 [0293.995] send (s=0x74c, buf=0x30f5064*, len=366, flags=0) returned 366 [0293.996] recv (in: s=0x74c, buf=0x30f5064, len=5, flags=0 | out: buf=0x30f5064*) returned 5 [0294.011] recv (in: s=0x74c, buf=0x30f5069, len=59, flags=0 | out: buf=0x30f5069*) returned 59 [0294.012] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30f4b64, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30f5258, Reserved2=0x0, phNewContext=0x30f5050, pOutput=0x30f526c, pfContextAttr=0x30f4f00, ptsExpiry=0x73ecdc | out: phNewContext=0x30f5050, pOutput=0x30f526c, pfContextAttr=0x30f4f00, ptsExpiry=0x73ecdc) returned 0x90312 [0294.012] recv (in: s=0x74c, buf=0x30f52fc, len=5, flags=0 | out: buf=0x30f52fc*) returned 5 [0294.012] recv (in: s=0x74c, buf=0x30f5315, len=1, flags=0 | out: buf=0x30f5315*) returned 1 [0294.013] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30f4b64, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30f5388, Reserved2=0x0, phNewContext=0x30f5050, pOutput=0x30f539c, pfContextAttr=0x30f4f00, ptsExpiry=0x73ec3c | out: phNewContext=0x30f5050, pOutput=0x30f539c, pfContextAttr=0x30f4f00, ptsExpiry=0x73ec3c) returned 0x90312 [0294.013] recv (in: s=0x74c, buf=0x30f542c, len=5, flags=0 | out: buf=0x30f542c*) returned 5 [0294.013] recv (in: s=0x74c, buf=0x30f5445, len=40, flags=0 | out: buf=0x30f5445*) returned 40 [0294.014] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30f4b64, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30f54e0, Reserved2=0x0, phNewContext=0x30f5050, pOutput=0x30f54f4, pfContextAttr=0x30f4f00, ptsExpiry=0x73eb9c | out: phNewContext=0x30f5050, pOutput=0x30f54f4, pfContextAttr=0x30f4f00, ptsExpiry=0x73eb9c) returned 0x0 [0294.015] FreeContextBuffer (in: pvContextBuffer=0x571db98 | out: pvContextBuffer=0x571db98) returned 0x0 [0294.015] QueryContextAttributesW (in: phContext=0x30f5050, ulAttribute=0x4, pBuffer=0x30f55c4 | out: pBuffer=0x30f55c4) returned 0x0 [0294.015] QueryContextAttributesW (in: phContext=0x30f5050, ulAttribute=0x5a, pBuffer=0x30f5600 | out: pBuffer=0x30f5600) returned 0x0 [0294.015] QueryContextAttributesW (in: phContext=0x30f5050, ulAttribute=0x53, pBuffer=0x30f564c | out: pBuffer=0x30f564c) returned 0x0 [0294.016] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.017] CertDuplicateStore (hCertStore=0x570d2d8) returned 0x570d2d8 [0294.017] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x0) returned 0x571da38 [0294.017] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0294.017] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x571da38) returned 0x571dd08 [0294.018] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.018] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x571dd08) returned 0x0 [0294.018] CertCloseStore (hCertStore=0x570d2d8, dwFlags=0x0) returned 1 [0294.018] CertFreeCRLContext (pCrlContext=0x571dd08) returned 1 [0294.021] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570df08 [0294.021] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x571da38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.021] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x571dd08, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.022] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729700 [0294.023] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dd08, pTime=0x73ebb0, hAdditionalStore=0x570df08, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.023] LocalFree (hMem=0x5729700) returned 0x0 [0294.023] CertDuplicateCertificateChain (pChainContext=0x572d218) returned 0x572d218 [0294.024] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.024] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.025] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.025] CertFreeCertificateChain (pChainContext=0x572d218) [0294.025] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x572d218, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.025] SetLastError (dwErrCode=0x0) [0294.025] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x572d218, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.026] CertFreeCertificateChain (pChainContext=0x572d218) [0294.026] CertFreeCRLContext (pCrlContext=0x571dd08) returned 1 [0294.027] EncryptMessage (in: phContext=0x30f5050, fQOP=0x0, pMessage=0x30f6d70, MessageSeqNo=0x0 | out: pMessage=0x30f6d70) returned 0x0 [0294.027] CoTaskMemAlloc (cb=0x10) returned 0x9f31b0 [0294.027] WSASend (in: s=0x74c, lpBuffers=0x9f31b0*=((len=0x33, buf=0x30f5570*), (len=0x4f, buf=0x30f6c8c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.032] CoTaskMemFree (pv=0x9f31b0) [0294.032] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.032] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.048] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.048] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30f6ee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f6ee8, pfQOP=0x0) returned 0x0 [0294.048] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.048] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.049] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.049] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30f8970, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f8970, pfQOP=0x0) returned 0x0 [0294.049] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.050] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.053] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30f9780, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30f9780, pfQOP=0x0) returned 0x0 [0294.053] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.053] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.054] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30fa9bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30fa9bc, pfQOP=0x0) returned 0x0 [0294.054] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.054] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.054] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30faad0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30faad0, pfQOP=0x0) returned 0x0 [0294.055] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.055] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.055] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30fce34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30fce34, pfQOP=0x0) returned 0x0 [0294.055] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.055] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.056] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30fcf48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30fcf48, pfQOP=0x0) returned 0x0 [0294.056] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.056] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.056] DecryptMessage (in: phContext=0x30f5050, pMessage=0x30fd068, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30fd068, pfQOP=0x0) returned 0x0 [0294.058] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.058] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.058] DecryptMessage (in: phContext=0x30f5050, pMessage=0x3101604, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3101604, pfQOP=0x0) returned 0x0 [0294.059] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.059] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.059] DecryptMessage (in: phContext=0x30f5050, pMessage=0x3101718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3101718, pfQOP=0x0) returned 0x0 [0294.059] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.059] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.059] DecryptMessage (in: phContext=0x30f5050, pMessage=0x310182c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310182c, pfQOP=0x0) returned 0x0 [0294.060] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.060] recv (in: s=0x74c, buf=0x307d951, len=1393, flags=0 | out: buf=0x307d951*) returned 1393 [0294.060] DecryptMessage (in: phContext=0x30f5050, pMessage=0x3101940, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3101940, pfQOP=0x0) returned 0x0 [0294.060] recv (in: s=0x74c, buf=0x307d94c, len=5, flags=0 | out: buf=0x307d94c*) returned 5 [0294.060] recv (in: s=0x74c, buf=0x307d951, len=29, flags=0 | out: buf=0x307d951*) returned 29 [0294.060] DecryptMessage (in: phContext=0x30f5050, pMessage=0x3101a54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3101a54, pfQOP=0x0) returned 0x0 [0294.061] SetEvent (hEvent=0x4a8) returned 1 [0294.061] QueryContextAttributesW (in: phContext=0x30f5050, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.061] DeleteSecurityContext (phContext=0x30f5050) returned 0x0 [0294.068] shutdown (s=0x74c, how=2) returned 0 [0294.069] closesocket (s=0x74c) returned 0 [0294.075] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743182843449) returned 1 [0294.075] SetEvent (hEvent=0x4a8) returned 1 [0294.082] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.083] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.083] WSAConnect (in: s=0x74c, name=0x3104e2c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.095] closesocket (s=0x768) returned 0 [0294.096] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3104e8c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x310536c, pOutput=0x3105304, pfContextAttr=0x310521c, ptsExpiry=0x73ed80 | out: phNewContext=0x310536c, pOutput=0x3105304, pfContextAttr=0x310521c, ptsExpiry=0x73ed80) returned 0x90312 [0294.100] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0294.100] send (s=0x74c, buf=0x310538c*, len=366, flags=0) returned 366 [0294.101] recv (in: s=0x74c, buf=0x310538c, len=5, flags=0 | out: buf=0x310538c*) returned 5 [0294.114] recv (in: s=0x74c, buf=0x3105391, len=59, flags=0 | out: buf=0x3105391*) returned 59 [0294.114] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3104e8c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3105580, Reserved2=0x0, phNewContext=0x310536c, pOutput=0x3105594, pfContextAttr=0x310521c, ptsExpiry=0x73ecdc | out: phNewContext=0x310536c, pOutput=0x3105594, pfContextAttr=0x310521c, ptsExpiry=0x73ecdc) returned 0x90312 [0294.115] recv (in: s=0x74c, buf=0x3105624, len=5, flags=0 | out: buf=0x3105624*) returned 5 [0294.115] recv (in: s=0x74c, buf=0x310563d, len=1, flags=0 | out: buf=0x310563d*) returned 1 [0294.115] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3104e8c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31056b0, Reserved2=0x0, phNewContext=0x310536c, pOutput=0x31056c4, pfContextAttr=0x310521c, ptsExpiry=0x73ec3c | out: phNewContext=0x310536c, pOutput=0x31056c4, pfContextAttr=0x310521c, ptsExpiry=0x73ec3c) returned 0x90312 [0294.116] recv (in: s=0x74c, buf=0x3105754, len=5, flags=0 | out: buf=0x3105754*) returned 5 [0294.116] recv (in: s=0x74c, buf=0x310576d, len=40, flags=0 | out: buf=0x310576d*) returned 40 [0294.116] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3104e8c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3105808, Reserved2=0x0, phNewContext=0x310536c, pOutput=0x310581c, pfContextAttr=0x310521c, ptsExpiry=0x73eb9c | out: phNewContext=0x310536c, pOutput=0x310581c, pfContextAttr=0x310521c, ptsExpiry=0x73eb9c) returned 0x0 [0294.125] FreeContextBuffer (in: pvContextBuffer=0x571e138 | out: pvContextBuffer=0x571e138) returned 0x0 [0294.125] QueryContextAttributesW (in: phContext=0x310536c, ulAttribute=0x4, pBuffer=0x31058ec | out: pBuffer=0x31058ec) returned 0x0 [0294.125] QueryContextAttributesW (in: phContext=0x310536c, ulAttribute=0x5a, pBuffer=0x3105928 | out: pBuffer=0x3105928) returned 0x0 [0294.125] QueryContextAttributesW (in: phContext=0x310536c, ulAttribute=0x53, pBuffer=0x3105974 | out: pBuffer=0x3105974) returned 0x0 [0294.126] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0294.126] CertDuplicateStore (hCertStore=0x572d5a0) returned 0x572d5a0 [0294.126] CertEnumCertificatesInStore (hCertStore=0x572d5a0, pPrevCertContext=0x0) returned 0x571dda8 [0294.127] CertDuplicateCertificateContext (pCertContext=0x571dda8) returned 0x571dda8 [0294.127] CertEnumCertificatesInStore (hCertStore=0x572d5a0, pPrevCertContext=0x571dda8) returned 0x571dc68 [0294.128] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0294.130] CertEnumCertificatesInStore (hCertStore=0x572d5a0, pPrevCertContext=0x571dc68) returned 0x0 [0294.130] CertCloseStore (hCertStore=0x572d5a0, dwFlags=0x0) returned 1 [0294.130] CertFreeCRLContext (pCrlContext=0x571dc68) returned 1 [0294.131] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x572d690 [0294.131] CertAddCRLLinkToStore (in: hCertStore=0x572d690, pCrlContext=0x571dda8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.131] CertAddCRLLinkToStore (in: hCertStore=0x572d690, pCrlContext=0x571dc68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.132] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57296a0 [0294.132] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dc68, pTime=0x73ebb0, hAdditionalStore=0x572d690, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.133] LocalFree (hMem=0x57296a0) returned 0x0 [0294.133] CertDuplicateCertificateChain (pChainContext=0x572e600) returned 0x572e600 [0294.134] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0294.134] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.135] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.135] CertFreeCertificateChain (pChainContext=0x572e600) [0294.135] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x572e600, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.135] SetLastError (dwErrCode=0x0) [0294.135] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x572e600, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.136] CertFreeCertificateChain (pChainContext=0x572e600) [0294.136] CertFreeCRLContext (pCrlContext=0x571dc68) returned 1 [0294.137] EncryptMessage (in: phContext=0x310536c, fQOP=0x0, pMessage=0x3107098, MessageSeqNo=0x0 | out: pMessage=0x3107098) returned 0x0 [0294.137] CoTaskMemAlloc (cb=0x10) returned 0x9f2fe8 [0294.137] WSASend (in: s=0x74c, lpBuffers=0x9f2fe8*=((len=0x33, buf=0x3105898*), (len=0x4f, buf=0x3106fb4*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.141] CoTaskMemFree (pv=0x9f2fe8) [0294.142] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.142] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.161] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.161] DecryptMessage (in: phContext=0x310536c, pMessage=0x3107204, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3107204, pfQOP=0x0) returned 0x0 [0294.162] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.162] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.162] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.162] DecryptMessage (in: phContext=0x310536c, pMessage=0x3108c98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3108c98, pfQOP=0x0) returned 0x0 [0294.163] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.163] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.163] DecryptMessage (in: phContext=0x310536c, pMessage=0x3109aa8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3109aa8, pfQOP=0x0) returned 0x0 [0294.164] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.164] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.164] DecryptMessage (in: phContext=0x310536c, pMessage=0x310ace4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310ace4, pfQOP=0x0) returned 0x0 [0294.164] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.164] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.164] DecryptMessage (in: phContext=0x310536c, pMessage=0x310adf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310adf8, pfQOP=0x0) returned 0x0 [0294.165] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.165] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.165] DecryptMessage (in: phContext=0x310536c, pMessage=0x310d15c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310d15c, pfQOP=0x0) returned 0x0 [0294.165] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.166] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.166] DecryptMessage (in: phContext=0x310536c, pMessage=0x310d270, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310d270, pfQOP=0x0) returned 0x0 [0294.166] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.166] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.166] DecryptMessage (in: phContext=0x310536c, pMessage=0x310d384, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x310d384, pfQOP=0x0) returned 0x0 [0294.167] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.167] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.167] DecryptMessage (in: phContext=0x310536c, pMessage=0x3111920, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3111920, pfQOP=0x0) returned 0x0 [0294.168] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.168] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.168] DecryptMessage (in: phContext=0x310536c, pMessage=0x3111a34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3111a34, pfQOP=0x0) returned 0x0 [0294.168] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.168] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.169] DecryptMessage (in: phContext=0x310536c, pMessage=0x3111b54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3111b54, pfQOP=0x0) returned 0x0 [0294.169] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.169] recv (in: s=0x74c, buf=0x307990d, len=1393, flags=0 | out: buf=0x307990d*) returned 1393 [0294.169] DecryptMessage (in: phContext=0x310536c, pMessage=0x3111c68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3111c68, pfQOP=0x0) returned 0x0 [0294.169] recv (in: s=0x74c, buf=0x3079908, len=5, flags=0 | out: buf=0x3079908*) returned 5 [0294.169] recv (in: s=0x74c, buf=0x307990d, len=27, flags=0 | out: buf=0x307990d*) returned 27 [0294.170] DecryptMessage (in: phContext=0x310536c, pMessage=0x3111d7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3111d7c, pfQOP=0x0) returned 0x0 [0294.170] SetEvent (hEvent=0x4a8) returned 1 [0294.170] QueryContextAttributesW (in: phContext=0x310536c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.170] DeleteSecurityContext (phContext=0x310536c) returned 0x0 [0294.172] shutdown (s=0x74c, how=2) returned 0 [0294.172] closesocket (s=0x74c) returned 0 [0294.185] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743193784056) returned 1 [0294.189] SetEvent (hEvent=0x4a8) returned 1 [0294.192] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.193] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.194] WSAConnect (in: s=0x74c, name=0x3115160*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.205] closesocket (s=0x768) returned 0 [0294.212] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31151c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31156a0, pOutput=0x3115638, pfContextAttr=0x3115550, ptsExpiry=0x73ed80 | out: phNewContext=0x31156a0, pOutput=0x3115638, pfContextAttr=0x3115550, ptsExpiry=0x73ed80) returned 0x90312 [0294.213] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0294.213] send (s=0x74c, buf=0x31156b4*, len=366, flags=0) returned 366 [0294.217] recv (in: s=0x74c, buf=0x31156b4, len=5, flags=0 | out: buf=0x31156b4*) returned 5 [0294.223] recv (in: s=0x74c, buf=0x31156b9, len=59, flags=0 | out: buf=0x31156b9*) returned 59 [0294.223] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31151c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31158a8, Reserved2=0x0, phNewContext=0x31156a0, pOutput=0x31158bc, pfContextAttr=0x3115550, ptsExpiry=0x73ecdc | out: phNewContext=0x31156a0, pOutput=0x31158bc, pfContextAttr=0x3115550, ptsExpiry=0x73ecdc) returned 0x90312 [0294.224] recv (in: s=0x74c, buf=0x311594c, len=5, flags=0 | out: buf=0x311594c*) returned 5 [0294.224] recv (in: s=0x74c, buf=0x3115965, len=1, flags=0 | out: buf=0x3115965*) returned 1 [0294.224] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31151c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31159d8, Reserved2=0x0, phNewContext=0x31156a0, pOutput=0x31159ec, pfContextAttr=0x3115550, ptsExpiry=0x73ec3c | out: phNewContext=0x31156a0, pOutput=0x31159ec, pfContextAttr=0x3115550, ptsExpiry=0x73ec3c) returned 0x90312 [0294.225] recv (in: s=0x74c, buf=0x3115a7c, len=5, flags=0 | out: buf=0x3115a7c*) returned 5 [0294.225] recv (in: s=0x74c, buf=0x3115a95, len=40, flags=0 | out: buf=0x3115a95*) returned 40 [0294.225] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31151c0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3115b30, Reserved2=0x0, phNewContext=0x31156a0, pOutput=0x3115b44, pfContextAttr=0x3115550, ptsExpiry=0x73eb9c | out: phNewContext=0x31156a0, pOutput=0x3115b44, pfContextAttr=0x3115550, ptsExpiry=0x73eb9c) returned 0x0 [0294.226] FreeContextBuffer (in: pvContextBuffer=0x571e0e8 | out: pvContextBuffer=0x571e0e8) returned 0x0 [0294.227] QueryContextAttributesW (in: phContext=0x31156a0, ulAttribute=0x4, pBuffer=0x3115c14 | out: pBuffer=0x3115c14) returned 0x0 [0294.227] QueryContextAttributesW (in: phContext=0x31156a0, ulAttribute=0x5a, pBuffer=0x3115c50 | out: pBuffer=0x3115c50) returned 0x0 [0294.227] QueryContextAttributesW (in: phContext=0x31156a0, ulAttribute=0x53, pBuffer=0x3115c9c | out: pBuffer=0x3115c9c) returned 0x0 [0294.227] CertDuplicateCertificateContext (pCertContext=0x571e118) returned 0x571e118 [0294.228] CertDuplicateStore (hCertStore=0x572d618) returned 0x572d618 [0294.228] CertEnumCertificatesInStore (hCertStore=0x572d618, pPrevCertContext=0x0) returned 0x571e168 [0294.229] CertDuplicateCertificateContext (pCertContext=0x571e168) returned 0x571e168 [0294.229] CertEnumCertificatesInStore (hCertStore=0x572d618, pPrevCertContext=0x571e168) returned 0x571e118 [0294.230] CertDuplicateCertificateContext (pCertContext=0x571e118) returned 0x571e118 [0294.230] CertEnumCertificatesInStore (hCertStore=0x572d618, pPrevCertContext=0x571e118) returned 0x0 [0294.230] CertCloseStore (hCertStore=0x572d618, dwFlags=0x0) returned 1 [0294.230] CertFreeCRLContext (pCrlContext=0x571e118) returned 1 [0294.234] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x572d0f0 [0294.234] CertAddCRLLinkToStore (in: hCertStore=0x572d0f0, pCrlContext=0x571e168, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.235] CertAddCRLLinkToStore (in: hCertStore=0x572d0f0, pCrlContext=0x571e118, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.235] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729320 [0294.235] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e118, pTime=0x73ebb0, hAdditionalStore=0x572d0f0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.236] LocalFree (hMem=0x5729320) returned 0x0 [0294.236] CertDuplicateCertificateChain (pChainContext=0x5724440) returned 0x5724440 [0294.236] CertDuplicateCertificateContext (pCertContext=0x571e118) returned 0x571e118 [0294.237] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.239] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.239] CertFreeCertificateChain (pChainContext=0x5724440) [0294.239] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5724440, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.239] SetLastError (dwErrCode=0x0) [0294.239] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5724440, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.239] CertFreeCertificateChain (pChainContext=0x5724440) [0294.239] CertFreeCRLContext (pCrlContext=0x571e118) returned 1 [0294.240] EncryptMessage (in: phContext=0x31156a0, fQOP=0x0, pMessage=0x31173cc, MessageSeqNo=0x0 | out: pMessage=0x31173cc) returned 0x0 [0294.240] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0294.240] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x3115bc0*), (len=0x4f, buf=0x31172e8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.270] CoTaskMemFree (pv=0x9f3270) [0294.270] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.270] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.271] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.271] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3117538, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3117538, pfQOP=0x0) returned 0x0 [0294.271] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.271] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.272] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.272] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3118fcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3118fcc, pfQOP=0x0) returned 0x0 [0294.272] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.272] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.272] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3119dd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3119dd0, pfQOP=0x0) returned 0x0 [0294.273] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.273] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.273] DecryptMessage (in: phContext=0x31156a0, pMessage=0x311b018, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x311b018, pfQOP=0x0) returned 0x0 [0294.273] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.273] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.273] DecryptMessage (in: phContext=0x31156a0, pMessage=0x311b12c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x311b12c, pfQOP=0x0) returned 0x0 [0294.274] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.274] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.274] DecryptMessage (in: phContext=0x31156a0, pMessage=0x311d490, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x311d490, pfQOP=0x0) returned 0x0 [0294.274] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.274] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.275] DecryptMessage (in: phContext=0x31156a0, pMessage=0x311d5a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x311d5a4, pfQOP=0x0) returned 0x0 [0294.275] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.275] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.275] DecryptMessage (in: phContext=0x31156a0, pMessage=0x311d6b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x311d6b8, pfQOP=0x0) returned 0x0 [0294.276] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.277] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.277] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3121c54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3121c54, pfQOP=0x0) returned 0x0 [0294.277] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.277] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.277] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3121d68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3121d68, pfQOP=0x0) returned 0x0 [0294.277] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.277] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.278] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3121e7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3121e7c, pfQOP=0x0) returned 0x0 [0294.278] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.278] recv (in: s=0x74c, buf=0x30758c9, len=1393, flags=0 | out: buf=0x30758c9*) returned 1393 [0294.278] DecryptMessage (in: phContext=0x31156a0, pMessage=0x3121f90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3121f90, pfQOP=0x0) returned 0x0 [0294.278] recv (in: s=0x74c, buf=0x30758c4, len=5, flags=0 | out: buf=0x30758c4*) returned 5 [0294.278] recv (in: s=0x74c, buf=0x30758c9, len=28, flags=0 | out: buf=0x30758c9*) returned 28 [0294.278] DecryptMessage (in: phContext=0x31156a0, pMessage=0x31220a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31220a4, pfQOP=0x0) returned 0x0 [0294.279] SetEvent (hEvent=0x4a8) returned 1 [0294.279] QueryContextAttributesW (in: phContext=0x31156a0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.279] DeleteSecurityContext (phContext=0x31156a0) returned 0x0 [0294.280] shutdown (s=0x74c, how=2) returned 0 [0294.284] closesocket (s=0x74c) returned 0 [0294.289] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743204248557) returned 1 [0294.289] SetEvent (hEvent=0x4a8) returned 1 [0294.291] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.297] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.298] WSAConnect (in: s=0x74c, name=0x3125488*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.309] closesocket (s=0x768) returned 0 [0294.310] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31254e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31259c8, pOutput=0x3125960, pfContextAttr=0x3125878, ptsExpiry=0x73ed80 | out: phNewContext=0x31259c8, pOutput=0x3125960, pfContextAttr=0x3125878, ptsExpiry=0x73ed80) returned 0x90312 [0294.311] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0294.311] send (s=0x74c, buf=0x31259dc*, len=366, flags=0) returned 366 [0294.312] recv (in: s=0x74c, buf=0x31259dc, len=5, flags=0 | out: buf=0x31259dc*) returned 5 [0294.320] recv (in: s=0x74c, buf=0x31259e1, len=59, flags=0 | out: buf=0x31259e1*) returned 59 [0294.321] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31254e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3125bd0, Reserved2=0x0, phNewContext=0x31259c8, pOutput=0x3125be4, pfContextAttr=0x3125878, ptsExpiry=0x73ecdc | out: phNewContext=0x31259c8, pOutput=0x3125be4, pfContextAttr=0x3125878, ptsExpiry=0x73ecdc) returned 0x90312 [0294.321] recv (in: s=0x74c, buf=0x3125c74, len=5, flags=0 | out: buf=0x3125c74*) returned 5 [0294.321] recv (in: s=0x74c, buf=0x3125c8d, len=1, flags=0 | out: buf=0x3125c8d*) returned 1 [0294.321] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31254e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3125d00, Reserved2=0x0, phNewContext=0x31259c8, pOutput=0x3125d14, pfContextAttr=0x3125878, ptsExpiry=0x73ec3c | out: phNewContext=0x31259c8, pOutput=0x3125d14, pfContextAttr=0x3125878, ptsExpiry=0x73ec3c) returned 0x90312 [0294.322] recv (in: s=0x74c, buf=0x3125da4, len=5, flags=0 | out: buf=0x3125da4*) returned 5 [0294.322] recv (in: s=0x74c, buf=0x3125dbd, len=40, flags=0 | out: buf=0x3125dbd*) returned 40 [0294.322] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31254e8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3125e58, Reserved2=0x0, phNewContext=0x31259c8, pOutput=0x3125e6c, pfContextAttr=0x3125878, ptsExpiry=0x73eb9c | out: phNewContext=0x31259c8, pOutput=0x3125e6c, pfContextAttr=0x3125878, ptsExpiry=0x73eb9c) returned 0x0 [0294.323] FreeContextBuffer (in: pvContextBuffer=0x571dbe8 | out: pvContextBuffer=0x571dbe8) returned 0x0 [0294.323] QueryContextAttributesW (in: phContext=0x31259c8, ulAttribute=0x4, pBuffer=0x3125f3c | out: pBuffer=0x3125f3c) returned 0x0 [0294.323] QueryContextAttributesW (in: phContext=0x31259c8, ulAttribute=0x5a, pBuffer=0x3125f78 | out: pBuffer=0x3125f78) returned 0x0 [0294.324] QueryContextAttributesW (in: phContext=0x31259c8, ulAttribute=0x53, pBuffer=0x3125fc4 | out: pBuffer=0x3125fc4) returned 0x0 [0294.324] CertDuplicateCertificateContext (pCertContext=0x571de98) returned 0x571de98 [0294.325] CertDuplicateStore (hCertStore=0x572dbb8) returned 0x572dbb8 [0294.325] CertEnumCertificatesInStore (hCertStore=0x572dbb8, pPrevCertContext=0x0) returned 0x571e258 [0294.325] CertDuplicateCertificateContext (pCertContext=0x571e258) returned 0x571e258 [0294.325] CertEnumCertificatesInStore (hCertStore=0x572dbb8, pPrevCertContext=0x571e258) returned 0x571de98 [0294.326] CertDuplicateCertificateContext (pCertContext=0x571de98) returned 0x571de98 [0294.326] CertEnumCertificatesInStore (hCertStore=0x572dbb8, pPrevCertContext=0x571de98) returned 0x0 [0294.326] CertCloseStore (hCertStore=0x572dbb8, dwFlags=0x0) returned 1 [0294.326] CertFreeCRLContext (pCrlContext=0x571de98) returned 1 [0294.327] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x572d8e8 [0294.327] CertAddCRLLinkToStore (in: hCertStore=0x572d8e8, pCrlContext=0x571e258, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.327] CertAddCRLLinkToStore (in: hCertStore=0x572d8e8, pCrlContext=0x571de98, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.327] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57295a0 [0294.328] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571de98, pTime=0x73ebb0, hAdditionalStore=0x572d8e8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.328] LocalFree (hMem=0x57295a0) returned 0x0 [0294.328] CertDuplicateCertificateChain (pChainContext=0x572f020) returned 0x572f020 [0294.329] CertDuplicateCertificateContext (pCertContext=0x571de98) returned 0x571de98 [0294.329] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.330] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.330] CertFreeCertificateChain (pChainContext=0x572f020) [0294.330] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x572f020, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.330] SetLastError (dwErrCode=0x0) [0294.330] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x572f020, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.338] CertFreeCertificateChain (pChainContext=0x572f020) [0294.338] CertFreeCRLContext (pCrlContext=0x571de98) returned 1 [0294.338] EncryptMessage (in: phContext=0x31259c8, fQOP=0x0, pMessage=0x31276f4, MessageSeqNo=0x0 | out: pMessage=0x31276f4) returned 0x0 [0294.338] CoTaskMemAlloc (cb=0x10) returned 0x9f3198 [0294.338] WSASend (in: s=0x74c, lpBuffers=0x9f3198*=((len=0x33, buf=0x3125ee8*), (len=0x4f, buf=0x3127610*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.339] CoTaskMemFree (pv=0x9f3198) [0294.339] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.339] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.357] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.357] DecryptMessage (in: phContext=0x31259c8, pMessage=0x3127860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3127860, pfQOP=0x0) returned 0x0 [0294.357] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.358] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.358] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.358] DecryptMessage (in: phContext=0x31259c8, pMessage=0x31292f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31292f4, pfQOP=0x0) returned 0x0 [0294.358] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.358] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.358] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312a0f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312a0f8, pfQOP=0x0) returned 0x0 [0294.359] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.359] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.359] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312b340, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b340, pfQOP=0x0) returned 0x0 [0294.359] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.359] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.359] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312b454, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312b454, pfQOP=0x0) returned 0x0 [0294.360] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.360] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.360] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312d7b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312d7b8, pfQOP=0x0) returned 0x0 [0294.360] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.360] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.360] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312d8cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312d8cc, pfQOP=0x0) returned 0x0 [0294.360] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.361] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.361] DecryptMessage (in: phContext=0x31259c8, pMessage=0x312d9e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x312d9e0, pfQOP=0x0) returned 0x0 [0294.362] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.362] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.362] DecryptMessage (in: phContext=0x31259c8, pMessage=0x3131f7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3131f7c, pfQOP=0x0) returned 0x0 [0294.370] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.370] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.370] DecryptMessage (in: phContext=0x31259c8, pMessage=0x3132090, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3132090, pfQOP=0x0) returned 0x0 [0294.370] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.370] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.370] DecryptMessage (in: phContext=0x31259c8, pMessage=0x31321a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31321a4, pfQOP=0x0) returned 0x0 [0294.371] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.371] recv (in: s=0x74c, buf=0x3071885, len=1393, flags=0 | out: buf=0x3071885*) returned 1393 [0294.371] DecryptMessage (in: phContext=0x31259c8, pMessage=0x31322b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31322b8, pfQOP=0x0) returned 0x0 [0294.371] recv (in: s=0x74c, buf=0x3071880, len=5, flags=0 | out: buf=0x3071880*) returned 5 [0294.371] recv (in: s=0x74c, buf=0x3071885, len=51, flags=0 | out: buf=0x3071885*) returned 51 [0294.371] DecryptMessage (in: phContext=0x31259c8, pMessage=0x31323cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31323cc, pfQOP=0x0) returned 0x0 [0294.371] SetEvent (hEvent=0x4a8) returned 1 [0294.372] QueryContextAttributesW (in: phContext=0x31259c8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.372] DeleteSecurityContext (phContext=0x31259c8) returned 0x0 [0294.372] shutdown (s=0x74c, how=2) returned 0 [0294.373] closesocket (s=0x74c) returned 0 [0294.412] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743216550476) returned 1 [0294.413] SetEvent (hEvent=0x4a8) returned 1 [0294.416] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.417] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.418] WSAConnect (in: s=0x74c, name=0x304bed0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.459] closesocket (s=0x768) returned 0 [0294.493] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x304c044, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x304c524, pOutput=0x304c4bc, pfContextAttr=0x304c3d4, ptsExpiry=0x73ed80 | out: phNewContext=0x304c524, pOutput=0x304c4bc, pfContextAttr=0x304c3d4, ptsExpiry=0x73ed80) returned 0x90312 [0294.494] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0294.494] send (s=0x74c, buf=0x304c538*, len=366, flags=0) returned 366 [0294.494] recv (in: s=0x74c, buf=0x304c538, len=5, flags=0 | out: buf=0x304c538*) returned 5 [0294.505] recv (in: s=0x74c, buf=0x304c53d, len=59, flags=0 | out: buf=0x304c53d*) returned 59 [0294.505] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x304c044, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x304c72c, Reserved2=0x0, phNewContext=0x304c524, pOutput=0x304c740, pfContextAttr=0x304c3d4, ptsExpiry=0x73ecdc | out: phNewContext=0x304c524, pOutput=0x304c740, pfContextAttr=0x304c3d4, ptsExpiry=0x73ecdc) returned 0x90312 [0294.505] recv (in: s=0x74c, buf=0x304c7d0, len=5, flags=0 | out: buf=0x304c7d0*) returned 5 [0294.505] recv (in: s=0x74c, buf=0x304c7e9, len=1, flags=0 | out: buf=0x304c7e9*) returned 1 [0294.506] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x304c044, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x304c868, Reserved2=0x0, phNewContext=0x304c524, pOutput=0x304c87c, pfContextAttr=0x304c3d4, ptsExpiry=0x73ec3c | out: phNewContext=0x304c524, pOutput=0x304c87c, pfContextAttr=0x304c3d4, ptsExpiry=0x73ec3c) returned 0x90312 [0294.506] recv (in: s=0x74c, buf=0x304c90c, len=5, flags=0 | out: buf=0x304c90c*) returned 5 [0294.506] recv (in: s=0x74c, buf=0x304c925, len=40, flags=0 | out: buf=0x304c925*) returned 40 [0294.506] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x304c044, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x304c9c0, Reserved2=0x0, phNewContext=0x304c524, pOutput=0x304c9d4, pfContextAttr=0x304c3d4, ptsExpiry=0x73eb9c | out: phNewContext=0x304c524, pOutput=0x304c9d4, pfContextAttr=0x304c3d4, ptsExpiry=0x73eb9c) returned 0x0 [0294.511] FreeContextBuffer (in: pvContextBuffer=0x571ddc8 | out: pvContextBuffer=0x571ddc8) returned 0x0 [0294.511] QueryContextAttributesW (in: phContext=0x304c524, ulAttribute=0x4, pBuffer=0x304caa4 | out: pBuffer=0x304caa4) returned 0x0 [0294.511] QueryContextAttributesW (in: phContext=0x304c524, ulAttribute=0x5a, pBuffer=0x304cae0 | out: pBuffer=0x304cae0) returned 0x0 [0294.511] QueryContextAttributesW (in: phContext=0x304c524, ulAttribute=0x53, pBuffer=0x304cb2c | out: pBuffer=0x304cb2c) returned 0x0 [0294.512] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0294.512] CertDuplicateStore (hCertStore=0x570de90) returned 0x570de90 [0294.512] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x0) returned 0x571e258 [0294.513] CertDuplicateCertificateContext (pCertContext=0x571e258) returned 0x571e258 [0294.513] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x571e258) returned 0x571db28 [0294.513] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0294.514] CertEnumCertificatesInStore (hCertStore=0x570de90, pPrevCertContext=0x571db28) returned 0x0 [0294.514] CertCloseStore (hCertStore=0x570de90, dwFlags=0x0) returned 1 [0294.514] CertFreeCRLContext (pCrlContext=0x571db28) returned 1 [0294.514] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d8f0 [0294.515] CertAddCRLLinkToStore (in: hCertStore=0x570d8f0, pCrlContext=0x571e258, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.515] CertAddCRLLinkToStore (in: hCertStore=0x570d8f0, pCrlContext=0x571db28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.515] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729840 [0294.516] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571db28, pTime=0x73ebb0, hAdditionalStore=0x570d8f0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.516] LocalFree (hMem=0x5729840) returned 0x0 [0294.516] CertDuplicateCertificateChain (pChainContext=0x9e06b0) returned 0x9e06b0 [0294.517] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0294.517] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.518] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.518] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.518] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e06b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.518] SetLastError (dwErrCode=0x0) [0294.518] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e06b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.588] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.589] CertFreeCRLContext (pCrlContext=0x571db28) returned 1 [0294.589] EncryptMessage (in: phContext=0x304c524, fQOP=0x0, pMessage=0x304e250, MessageSeqNo=0x0 | out: pMessage=0x304e250) returned 0x0 [0294.589] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0294.589] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x304ca50*), (len=0x4f, buf=0x304e16c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.590] CoTaskMemFree (pv=0x9f3120) [0294.590] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.590] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.605] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.606] DecryptMessage (in: phContext=0x304c524, pMessage=0x304e3bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x304e3bc, pfQOP=0x0) returned 0x0 [0294.618] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.618] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.618] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.618] DecryptMessage (in: phContext=0x304c524, pMessage=0x3050a50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3050a50, pfQOP=0x0) returned 0x0 [0294.619] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.619] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.619] DecryptMessage (in: phContext=0x304c524, pMessage=0x3051854, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3051854, pfQOP=0x0) returned 0x0 [0294.619] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.619] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.619] DecryptMessage (in: phContext=0x304c524, pMessage=0x3052a9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3052a9c, pfQOP=0x0) returned 0x0 [0294.620] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.620] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.620] DecryptMessage (in: phContext=0x304c524, pMessage=0x3052bb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3052bb0, pfQOP=0x0) returned 0x0 [0294.620] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.620] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.620] DecryptMessage (in: phContext=0x304c524, pMessage=0x3054f14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3054f14, pfQOP=0x0) returned 0x0 [0294.621] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.621] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.621] DecryptMessage (in: phContext=0x304c524, pMessage=0x3055028, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3055028, pfQOP=0x0) returned 0x0 [0294.621] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.621] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.621] DecryptMessage (in: phContext=0x304c524, pMessage=0x305513c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x305513c, pfQOP=0x0) returned 0x0 [0294.622] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.622] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.622] DecryptMessage (in: phContext=0x304c524, pMessage=0x30596d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30596d8, pfQOP=0x0) returned 0x0 [0294.622] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.622] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.622] DecryptMessage (in: phContext=0x304c524, pMessage=0x30597ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30597ec, pfQOP=0x0) returned 0x0 [0294.622] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.622] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.623] DecryptMessage (in: phContext=0x304c524, pMessage=0x3059900, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3059900, pfQOP=0x0) returned 0x0 [0294.623] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.623] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0294.623] DecryptMessage (in: phContext=0x304c524, pMessage=0x3059a14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3059a14, pfQOP=0x0) returned 0x0 [0294.623] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0294.623] recv (in: s=0x74c, buf=0x2fcd311, len=51, flags=0 | out: buf=0x2fcd311*) returned 51 [0294.623] DecryptMessage (in: phContext=0x304c524, pMessage=0x3059b28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3059b28, pfQOP=0x0) returned 0x0 [0294.624] SetEvent (hEvent=0x4a8) returned 1 [0294.624] QueryContextAttributesW (in: phContext=0x304c524, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.624] DeleteSecurityContext (phContext=0x304c524) returned 0x0 [0294.625] shutdown (s=0x74c, how=2) returned 0 [0294.625] closesocket (s=0x74c) returned 0 [0294.636] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743238877617) returned 1 [0294.636] SetEvent (hEvent=0x4a8) returned 1 [0294.641] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.642] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.642] WSAConnect (in: s=0x74c, name=0x305cf9c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.653] closesocket (s=0x768) returned 0 [0294.655] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x305cffc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x305d4dc, pOutput=0x305d474, pfContextAttr=0x305d38c, ptsExpiry=0x73ed80 | out: phNewContext=0x305d4dc, pOutput=0x305d474, pfContextAttr=0x305d38c, ptsExpiry=0x73ed80) returned 0x90312 [0294.656] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0294.656] send (s=0x74c, buf=0x305d4f0*, len=366, flags=0) returned 366 [0294.657] recv (in: s=0x74c, buf=0x305d4f0, len=5, flags=0 | out: buf=0x305d4f0*) returned 5 [0294.706] recv (in: s=0x74c, buf=0x305d4f5, len=59, flags=0 | out: buf=0x305d4f5*) returned 59 [0294.707] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x305cffc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x305d6e4, Reserved2=0x0, phNewContext=0x305d4dc, pOutput=0x305d6f8, pfContextAttr=0x305d38c, ptsExpiry=0x73ecdc | out: phNewContext=0x305d4dc, pOutput=0x305d6f8, pfContextAttr=0x305d38c, ptsExpiry=0x73ecdc) returned 0x90312 [0294.710] recv (in: s=0x74c, buf=0x305d788, len=5, flags=0 | out: buf=0x305d788*) returned 5 [0294.710] recv (in: s=0x74c, buf=0x305d7a1, len=1, flags=0 | out: buf=0x305d7a1*) returned 1 [0294.710] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x305cffc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x305d814, Reserved2=0x0, phNewContext=0x305d4dc, pOutput=0x305d828, pfContextAttr=0x305d38c, ptsExpiry=0x73ec3c | out: phNewContext=0x305d4dc, pOutput=0x305d828, pfContextAttr=0x305d38c, ptsExpiry=0x73ec3c) returned 0x90312 [0294.711] recv (in: s=0x74c, buf=0x305d8b8, len=5, flags=0 | out: buf=0x305d8b8*) returned 5 [0294.711] recv (in: s=0x74c, buf=0x305d8d1, len=40, flags=0 | out: buf=0x305d8d1*) returned 40 [0294.711] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x305cffc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x305d96c, Reserved2=0x0, phNewContext=0x305d4dc, pOutput=0x305d980, pfContextAttr=0x305d38c, ptsExpiry=0x73eb9c | out: phNewContext=0x305d4dc, pOutput=0x305d980, pfContextAttr=0x305d38c, ptsExpiry=0x73eb9c) returned 0x0 [0294.754] FreeContextBuffer (in: pvContextBuffer=0x571dff8 | out: pvContextBuffer=0x571dff8) returned 0x0 [0294.754] QueryContextAttributesW (in: phContext=0x305d4dc, ulAttribute=0x4, pBuffer=0x305da50 | out: pBuffer=0x305da50) returned 0x0 [0294.754] QueryContextAttributesW (in: phContext=0x305d4dc, ulAttribute=0x5a, pBuffer=0x305da8c | out: pBuffer=0x305da8c) returned 0x0 [0294.755] QueryContextAttributesW (in: phContext=0x305d4dc, ulAttribute=0x53, pBuffer=0x305dad8 | out: pBuffer=0x305dad8) returned 0x0 [0294.755] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.756] CertDuplicateStore (hCertStore=0x570d170) returned 0x570d170 [0294.756] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x0) returned 0x571e208 [0294.756] CertDuplicateCertificateContext (pCertContext=0x571e208) returned 0x571e208 [0294.756] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x571e208) returned 0x571dd08 [0294.757] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.757] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x571dd08) returned 0x0 [0294.757] CertCloseStore (hCertStore=0x570d170, dwFlags=0x0) returned 1 [0294.757] CertFreeCRLContext (pCrlContext=0x571dd08) returned 1 [0294.758] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d008 [0294.758] CertAddCRLLinkToStore (in: hCertStore=0x570d008, pCrlContext=0x571e208, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.758] CertAddCRLLinkToStore (in: hCertStore=0x570d008, pCrlContext=0x571dd08, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.758] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729a80 [0294.759] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dd08, pTime=0x73ebb0, hAdditionalStore=0x570d008, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.759] LocalFree (hMem=0x5729a80) returned 0x0 [0294.759] CertDuplicateCertificateChain (pChainContext=0x9e06b0) returned 0x9e06b0 [0294.760] CertDuplicateCertificateContext (pCertContext=0x571dd08) returned 0x571dd08 [0294.760] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.761] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.761] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.761] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e06b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.761] SetLastError (dwErrCode=0x0) [0294.761] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e06b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.761] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.761] CertFreeCRLContext (pCrlContext=0x571dd08) returned 1 [0294.762] EncryptMessage (in: phContext=0x305d4dc, fQOP=0x0, pMessage=0x305f208, MessageSeqNo=0x0 | out: pMessage=0x305f208) returned 0x0 [0294.762] CoTaskMemAlloc (cb=0x10) returned 0x9f3228 [0294.762] WSASend (in: s=0x74c, lpBuffers=0x9f3228*=((len=0x33, buf=0x305d9fc*), (len=0x4f, buf=0x305f124*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.763] CoTaskMemFree (pv=0x9f3228) [0294.763] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.763] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.779] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.779] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x305f374, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x305f374, pfQOP=0x0) returned 0x0 [0294.779] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.779] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.779] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.780] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3060dfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3060dfc, pfQOP=0x0) returned 0x0 [0294.780] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.780] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.780] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3061c0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3061c0c, pfQOP=0x0) returned 0x0 [0294.780] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.780] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.781] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3062e48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3062e48, pfQOP=0x0) returned 0x0 [0294.781] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.781] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.781] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3062f68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3062f68, pfQOP=0x0) returned 0x0 [0294.781] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.782] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.782] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x30652cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30652cc, pfQOP=0x0) returned 0x0 [0294.782] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.782] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.782] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x30653e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30653e0, pfQOP=0x0) returned 0x0 [0294.782] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.782] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.783] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x30654f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30654f4, pfQOP=0x0) returned 0x0 [0294.783] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.783] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.783] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3069a90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3069a90, pfQOP=0x0) returned 0x0 [0294.783] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.783] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.783] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3069ba4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3069ba4, pfQOP=0x0) returned 0x0 [0294.784] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.784] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.784] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3069cb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3069cb8, pfQOP=0x0) returned 0x0 [0294.784] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.785] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0294.785] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3069dcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3069dcc, pfQOP=0x0) returned 0x0 [0294.785] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0294.785] recv (in: s=0x74c, buf=0x2fd5381, len=29, flags=0 | out: buf=0x2fd5381*) returned 29 [0294.785] DecryptMessage (in: phContext=0x305d4dc, pMessage=0x3069ee0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3069ee0, pfQOP=0x0) returned 0x0 [0294.785] SetEvent (hEvent=0x4a8) returned 1 [0294.786] QueryContextAttributesW (in: phContext=0x305d4dc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.786] DeleteSecurityContext (phContext=0x305d4dc) returned 0x0 [0294.786] shutdown (s=0x74c, how=2) returned 0 [0294.787] closesocket (s=0x74c) returned 0 [0294.792] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743254501892) returned 1 [0294.792] SetEvent (hEvent=0x4a8) returned 1 [0294.794] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.794] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.795] WSAConnect (in: s=0x74c, name=0x306d2b8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.805] closesocket (s=0x768) returned 0 [0294.806] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x306d318, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x306d804, pOutput=0x306d79c, pfContextAttr=0x306d6b4, ptsExpiry=0x73ed80 | out: phNewContext=0x306d804, pOutput=0x306d79c, pfContextAttr=0x306d6b4, ptsExpiry=0x73ed80) returned 0x90312 [0294.806] FreeContextBuffer (in: pvContextBuffer=0x5726758 | out: pvContextBuffer=0x5726758) returned 0x0 [0294.807] send (s=0x74c, buf=0x306d818*, len=366, flags=0) returned 366 [0294.807] recv (in: s=0x74c, buf=0x306d818, len=5, flags=0 | out: buf=0x306d818*) returned 5 [0294.817] recv (in: s=0x74c, buf=0x306d81d, len=59, flags=0 | out: buf=0x306d81d*) returned 59 [0294.817] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x306d318, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x306da0c, Reserved2=0x0, phNewContext=0x306d804, pOutput=0x306da20, pfContextAttr=0x306d6b4, ptsExpiry=0x73ecdc | out: phNewContext=0x306d804, pOutput=0x306da20, pfContextAttr=0x306d6b4, ptsExpiry=0x73ecdc) returned 0x90312 [0294.818] recv (in: s=0x74c, buf=0x306dab0, len=5, flags=0 | out: buf=0x306dab0*) returned 5 [0294.818] recv (in: s=0x74c, buf=0x306dac9, len=1, flags=0 | out: buf=0x306dac9*) returned 1 [0294.818] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x306d318, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x306db3c, Reserved2=0x0, phNewContext=0x306d804, pOutput=0x306db50, pfContextAttr=0x306d6b4, ptsExpiry=0x73ec3c | out: phNewContext=0x306d804, pOutput=0x306db50, pfContextAttr=0x306d6b4, ptsExpiry=0x73ec3c) returned 0x90312 [0294.818] recv (in: s=0x74c, buf=0x306dbe0, len=5, flags=0 | out: buf=0x306dbe0*) returned 5 [0294.818] recv (in: s=0x74c, buf=0x306dbf9, len=40, flags=0 | out: buf=0x306dbf9*) returned 40 [0294.819] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x306d318, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x306dc94, Reserved2=0x0, phNewContext=0x306d804, pOutput=0x306dca8, pfContextAttr=0x306d6b4, ptsExpiry=0x73eb9c | out: phNewContext=0x306d804, pOutput=0x306dca8, pfContextAttr=0x306d6b4, ptsExpiry=0x73eb9c) returned 0x0 [0294.820] FreeContextBuffer (in: pvContextBuffer=0x571dd28 | out: pvContextBuffer=0x571dd28) returned 0x0 [0294.820] QueryContextAttributesW (in: phContext=0x306d804, ulAttribute=0x4, pBuffer=0x306dd78 | out: pBuffer=0x306dd78) returned 0x0 [0294.820] QueryContextAttributesW (in: phContext=0x306d804, ulAttribute=0x5a, pBuffer=0x306ddb4 | out: pBuffer=0x306ddb4) returned 0x0 [0294.820] QueryContextAttributesW (in: phContext=0x306d804, ulAttribute=0x53, pBuffer=0x306de00 | out: pBuffer=0x306de00) returned 0x0 [0294.821] CertDuplicateCertificateContext (pCertContext=0x571dda8) returned 0x571dda8 [0294.821] CertDuplicateStore (hCertStore=0x570d698) returned 0x570d698 [0294.821] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x0) returned 0x571dc68 [0294.822] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0294.822] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x571dc68) returned 0x571dda8 [0294.822] CertDuplicateCertificateContext (pCertContext=0x571dda8) returned 0x571dda8 [0294.822] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x571dda8) returned 0x0 [0294.822] CertCloseStore (hCertStore=0x570d698, dwFlags=0x0) returned 1 [0294.822] CertFreeCRLContext (pCrlContext=0x571dda8) returned 1 [0294.823] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d080 [0294.823] CertAddCRLLinkToStore (in: hCertStore=0x570d080, pCrlContext=0x571dc68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.823] CertAddCRLLinkToStore (in: hCertStore=0x570d080, pCrlContext=0x571dda8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.824] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729a20 [0294.824] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dda8, pTime=0x73ebb0, hAdditionalStore=0x570d080, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.825] LocalFree (hMem=0x5729a20) returned 0x0 [0294.825] CertDuplicateCertificateChain (pChainContext=0x9e06b0) returned 0x9e06b0 [0294.825] CertDuplicateCertificateContext (pCertContext=0x571dda8) returned 0x571dda8 [0294.826] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.826] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.826] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.826] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e06b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.826] SetLastError (dwErrCode=0x0) [0294.827] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e06b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.827] CertFreeCertificateChain (pChainContext=0x9e06b0) [0294.827] CertFreeCRLContext (pCrlContext=0x571dda8) returned 1 [0294.827] EncryptMessage (in: phContext=0x306d804, fQOP=0x0, pMessage=0x306f524, MessageSeqNo=0x0 | out: pMessage=0x306f524) returned 0x0 [0294.828] CoTaskMemAlloc (cb=0x10) returned 0x9f3030 [0294.828] WSASend (in: s=0x74c, lpBuffers=0x9f3030*=((len=0x33, buf=0x306dd24*), (len=0x4f, buf=0x306f440*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.828] CoTaskMemFree (pv=0x9f3030) [0294.828] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.828] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.852] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.852] DecryptMessage (in: phContext=0x306d804, pMessage=0x306f69c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x306f69c, pfQOP=0x0) returned 0x0 [0294.852] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.852] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.853] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.853] DecryptMessage (in: phContext=0x306d804, pMessage=0x3071124, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3071124, pfQOP=0x0) returned 0x0 [0294.853] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.853] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.853] DecryptMessage (in: phContext=0x306d804, pMessage=0x3071f34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3071f34, pfQOP=0x0) returned 0x0 [0294.854] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.854] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.854] DecryptMessage (in: phContext=0x306d804, pMessage=0x3073170, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3073170, pfQOP=0x0) returned 0x0 [0294.854] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.854] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.854] DecryptMessage (in: phContext=0x306d804, pMessage=0x3073284, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3073284, pfQOP=0x0) returned 0x0 [0294.855] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.855] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.855] DecryptMessage (in: phContext=0x306d804, pMessage=0x30755e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30755e8, pfQOP=0x0) returned 0x0 [0294.855] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.855] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.855] DecryptMessage (in: phContext=0x306d804, pMessage=0x30756fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30756fc, pfQOP=0x0) returned 0x0 [0294.855] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.856] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.856] DecryptMessage (in: phContext=0x306d804, pMessage=0x3075810, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3075810, pfQOP=0x0) returned 0x0 [0294.856] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.856] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.856] DecryptMessage (in: phContext=0x306d804, pMessage=0x3079db8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3079db8, pfQOP=0x0) returned 0x0 [0294.857] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.857] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.857] DecryptMessage (in: phContext=0x306d804, pMessage=0x3079ecc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3079ecc, pfQOP=0x0) returned 0x0 [0294.857] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.857] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.857] DecryptMessage (in: phContext=0x306d804, pMessage=0x3079fe0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3079fe0, pfQOP=0x0) returned 0x0 [0294.857] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.857] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0294.858] DecryptMessage (in: phContext=0x306d804, pMessage=0x307a0f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x307a0f4, pfQOP=0x0) returned 0x0 [0294.858] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0294.858] recv (in: s=0x74c, buf=0x2fd93b9, len=29, flags=0 | out: buf=0x2fd93b9*) returned 29 [0294.858] DecryptMessage (in: phContext=0x306d804, pMessage=0x307a208, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x307a208, pfQOP=0x0) returned 0x0 [0294.858] SetEvent (hEvent=0x4a8) returned 1 [0294.859] QueryContextAttributesW (in: phContext=0x306d804, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.859] DeleteSecurityContext (phContext=0x306d804) returned 0x0 [0294.859] shutdown (s=0x74c, how=2) returned 0 [0294.860] closesocket (s=0x74c) returned 0 [0294.865] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743261829451) returned 1 [0294.865] SetEvent (hEvent=0x4a8) returned 1 [0294.867] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.868] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.868] WSAConnect (in: s=0x74c, name=0x307d5cc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.877] closesocket (s=0x768) returned 0 [0294.879] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x307d618, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x307daf8, pOutput=0x307da90, pfContextAttr=0x307d9a8, ptsExpiry=0x73ed80 | out: phNewContext=0x307daf8, pOutput=0x307da90, pfContextAttr=0x307d9a8, ptsExpiry=0x73ed80) returned 0x90312 [0294.879] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0294.879] send (s=0x74c, buf=0x307db0c*, len=366, flags=0) returned 366 [0294.880] recv (in: s=0x74c, buf=0x307db0c, len=5, flags=0 | out: buf=0x307db0c*) returned 5 [0294.888] recv (in: s=0x74c, buf=0x307db11, len=59, flags=0 | out: buf=0x307db11*) returned 59 [0294.888] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x307d618, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x307dd0c, Reserved2=0x0, phNewContext=0x307daf8, pOutput=0x307dd20, pfContextAttr=0x307d9a8, ptsExpiry=0x73ecdc | out: phNewContext=0x307daf8, pOutput=0x307dd20, pfContextAttr=0x307d9a8, ptsExpiry=0x73ecdc) returned 0x90312 [0294.889] recv (in: s=0x74c, buf=0x307ddb0, len=5, flags=0 | out: buf=0x307ddb0*) returned 5 [0294.889] recv (in: s=0x74c, buf=0x307ddc9, len=1, flags=0 | out: buf=0x307ddc9*) returned 1 [0294.889] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x307d618, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x307de3c, Reserved2=0x0, phNewContext=0x307daf8, pOutput=0x307de50, pfContextAttr=0x307d9a8, ptsExpiry=0x73ec3c | out: phNewContext=0x307daf8, pOutput=0x307de50, pfContextAttr=0x307d9a8, ptsExpiry=0x73ec3c) returned 0x90312 [0294.890] recv (in: s=0x74c, buf=0x307dee0, len=5, flags=0 | out: buf=0x307dee0*) returned 5 [0294.890] recv (in: s=0x74c, buf=0x307def9, len=40, flags=0 | out: buf=0x307def9*) returned 40 [0294.890] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x307d618, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x307df94, Reserved2=0x0, phNewContext=0x307daf8, pOutput=0x307dfa8, pfContextAttr=0x307d9a8, ptsExpiry=0x73eb9c | out: phNewContext=0x307daf8, pOutput=0x307dfa8, pfContextAttr=0x307d9a8, ptsExpiry=0x73eb9c) returned 0x0 [0294.891] FreeContextBuffer (in: pvContextBuffer=0x571da08 | out: pvContextBuffer=0x571da08) returned 0x0 [0294.892] QueryContextAttributesW (in: phContext=0x307daf8, ulAttribute=0x4, pBuffer=0x307e078 | out: pBuffer=0x307e078) returned 0x0 [0294.892] QueryContextAttributesW (in: phContext=0x307daf8, ulAttribute=0x5a, pBuffer=0x307e0b4 | out: pBuffer=0x307e0b4) returned 0x0 [0294.892] QueryContextAttributesW (in: phContext=0x307daf8, ulAttribute=0x53, pBuffer=0x307e100 | out: pBuffer=0x307e100) returned 0x0 [0294.892] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0294.893] CertDuplicateStore (hCertStore=0x570d260) returned 0x570d260 [0294.893] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x0) returned 0x571dd58 [0294.894] CertDuplicateCertificateContext (pCertContext=0x571dd58) returned 0x571dd58 [0294.894] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x571dd58) returned 0x571da38 [0294.895] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0294.895] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x571da38) returned 0x0 [0294.895] CertCloseStore (hCertStore=0x570d260, dwFlags=0x0) returned 1 [0294.895] CertFreeCRLContext (pCrlContext=0x571da38) returned 1 [0294.896] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570db48 [0294.896] CertAddCRLLinkToStore (in: hCertStore=0x570db48, pCrlContext=0x571dd58, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.896] CertAddCRLLinkToStore (in: hCertStore=0x570db48, pCrlContext=0x571da38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.896] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729920 [0294.897] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571da38, pTime=0x73ebb0, hAdditionalStore=0x570db48, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.897] LocalFree (hMem=0x5729920) returned 0x0 [0294.897] CertDuplicateCertificateChain (pChainContext=0x9b20b0) returned 0x9b20b0 [0294.898] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0294.898] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.899] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.899] CertFreeCertificateChain (pChainContext=0x9b20b0) [0294.899] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9b20b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.899] SetLastError (dwErrCode=0x0) [0294.899] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9b20b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.899] CertFreeCertificateChain (pChainContext=0x9b20b0) [0294.899] CertFreeCRLContext (pCrlContext=0x571da38) returned 1 [0294.900] EncryptMessage (in: phContext=0x307daf8, fQOP=0x0, pMessage=0x307f824, MessageSeqNo=0x0 | out: pMessage=0x307f824) returned 0x0 [0294.900] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0294.900] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x307e024*), (len=0x4f, buf=0x307f740*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.901] CoTaskMemFree (pv=0x9f3120) [0294.901] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.901] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.917] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.918] DecryptMessage (in: phContext=0x307daf8, pMessage=0x307f9b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x307f9b8, pfQOP=0x0) returned 0x0 [0294.918] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0294.918] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.918] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.918] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308144c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308144c, pfQOP=0x0) returned 0x0 [0294.919] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.919] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.919] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308225c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308225c, pfQOP=0x0) returned 0x0 [0294.919] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.919] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.919] DecryptMessage (in: phContext=0x307daf8, pMessage=0x3083498, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3083498, pfQOP=0x0) returned 0x0 [0294.920] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.920] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.920] DecryptMessage (in: phContext=0x307daf8, pMessage=0x30835ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30835ac, pfQOP=0x0) returned 0x0 [0294.920] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.920] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.920] DecryptMessage (in: phContext=0x307daf8, pMessage=0x3085910, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3085910, pfQOP=0x0) returned 0x0 [0294.921] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.921] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.921] DecryptMessage (in: phContext=0x307daf8, pMessage=0x3085a24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3085a24, pfQOP=0x0) returned 0x0 [0294.921] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.921] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.921] DecryptMessage (in: phContext=0x307daf8, pMessage=0x3085b38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3085b38, pfQOP=0x0) returned 0x0 [0294.922] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.922] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.922] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308a0d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308a0d4, pfQOP=0x0) returned 0x0 [0294.922] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.922] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.922] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308a1e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308a1e8, pfQOP=0x0) returned 0x0 [0294.922] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.922] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.923] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308a2fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308a2fc, pfQOP=0x0) returned 0x0 [0294.923] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.923] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0294.923] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308a41c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308a41c, pfQOP=0x0) returned 0x0 [0294.923] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0294.923] recv (in: s=0x74c, buf=0x2fd1349, len=29, flags=0 | out: buf=0x2fd1349*) returned 29 [0294.923] DecryptMessage (in: phContext=0x307daf8, pMessage=0x308a530, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308a530, pfQOP=0x0) returned 0x0 [0294.924] SetEvent (hEvent=0x4a8) returned 1 [0294.924] QueryContextAttributesW (in: phContext=0x307daf8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0294.924] DeleteSecurityContext (phContext=0x307daf8) returned 0x0 [0294.926] shutdown (s=0x74c, how=2) returned 0 [0294.927] closesocket (s=0x74c) returned 0 [0294.931] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743268460233) returned 1 [0294.932] SetEvent (hEvent=0x4a8) returned 1 [0294.933] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0294.934] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0294.934] WSAConnect (in: s=0x74c, name=0x308d908*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0294.944] closesocket (s=0x768) returned 0 [0294.945] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x308d968, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x308de48, pOutput=0x308dde0, pfContextAttr=0x308dcf8, ptsExpiry=0x73ed80 | out: phNewContext=0x308de48, pOutput=0x308dde0, pfContextAttr=0x308dcf8, ptsExpiry=0x73ed80) returned 0x90312 [0294.945] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0294.945] send (s=0x74c, buf=0x308de5c*, len=366, flags=0) returned 366 [0294.946] recv (in: s=0x74c, buf=0x308de5c, len=5, flags=0 | out: buf=0x308de5c*) returned 5 [0294.955] recv (in: s=0x74c, buf=0x308de61, len=59, flags=0 | out: buf=0x308de61*) returned 59 [0294.956] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x308d968, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x308e050, Reserved2=0x0, phNewContext=0x308de48, pOutput=0x308e064, pfContextAttr=0x308dcf8, ptsExpiry=0x73ecdc | out: phNewContext=0x308de48, pOutput=0x308e064, pfContextAttr=0x308dcf8, ptsExpiry=0x73ecdc) returned 0x90312 [0294.957] recv (in: s=0x74c, buf=0x308e0f4, len=5, flags=0 | out: buf=0x308e0f4*) returned 5 [0294.957] recv (in: s=0x74c, buf=0x308e10d, len=1, flags=0 | out: buf=0x308e10d*) returned 1 [0294.957] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x308d968, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x308e180, Reserved2=0x0, phNewContext=0x308de48, pOutput=0x308e194, pfContextAttr=0x308dcf8, ptsExpiry=0x73ec3c | out: phNewContext=0x308de48, pOutput=0x308e194, pfContextAttr=0x308dcf8, ptsExpiry=0x73ec3c) returned 0x90312 [0294.957] recv (in: s=0x74c, buf=0x308e224, len=5, flags=0 | out: buf=0x308e224*) returned 5 [0294.958] recv (in: s=0x74c, buf=0x308e23d, len=40, flags=0 | out: buf=0x308e23d*) returned 40 [0294.958] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x308d968, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x308e2d8, Reserved2=0x0, phNewContext=0x308de48, pOutput=0x308e2ec, pfContextAttr=0x308dcf8, ptsExpiry=0x73eb9c | out: phNewContext=0x308de48, pOutput=0x308e2ec, pfContextAttr=0x308dcf8, ptsExpiry=0x73eb9c) returned 0x0 [0294.959] FreeContextBuffer (in: pvContextBuffer=0x571e318 | out: pvContextBuffer=0x571e318) returned 0x0 [0294.959] QueryContextAttributesW (in: phContext=0x308de48, ulAttribute=0x4, pBuffer=0x308e3c8 | out: pBuffer=0x308e3c8) returned 0x0 [0294.959] QueryContextAttributesW (in: phContext=0x308de48, ulAttribute=0x5a, pBuffer=0x308e404 | out: pBuffer=0x308e404) returned 0x0 [0294.959] QueryContextAttributesW (in: phContext=0x308de48, ulAttribute=0x53, pBuffer=0x308e450 | out: pBuffer=0x308e450) returned 0x0 [0294.960] CertDuplicateCertificateContext (pCertContext=0x571dbc8) returned 0x571dbc8 [0294.960] CertDuplicateStore (hCertStore=0x570d2d8) returned 0x570d2d8 [0294.960] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x0) returned 0x571e0c8 [0294.961] CertDuplicateCertificateContext (pCertContext=0x571e0c8) returned 0x571e0c8 [0294.961] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x571e0c8) returned 0x571dbc8 [0294.961] CertDuplicateCertificateContext (pCertContext=0x571dbc8) returned 0x571dbc8 [0294.962] CertEnumCertificatesInStore (hCertStore=0x570d2d8, pPrevCertContext=0x571dbc8) returned 0x0 [0294.962] CertCloseStore (hCertStore=0x570d2d8, dwFlags=0x0) returned 1 [0294.962] CertFreeCRLContext (pCrlContext=0x571dbc8) returned 1 [0294.962] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d440 [0294.963] CertAddCRLLinkToStore (in: hCertStore=0x570d440, pCrlContext=0x571e0c8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.963] CertAddCRLLinkToStore (in: hCertStore=0x570d440, pCrlContext=0x571dbc8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0294.963] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729820 [0294.964] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dbc8, pTime=0x73ebb0, hAdditionalStore=0x570d440, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0294.964] LocalFree (hMem=0x5729820) returned 0x0 [0294.964] CertDuplicateCertificateChain (pChainContext=0x9b20b0) returned 0x9b20b0 [0294.965] CertDuplicateCertificateContext (pCertContext=0x571dbc8) returned 0x571dbc8 [0294.965] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0294.966] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0294.966] CertFreeCertificateChain (pChainContext=0x9b20b0) [0294.966] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9b20b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0294.966] SetLastError (dwErrCode=0x0) [0294.966] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9b20b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0294.966] CertFreeCertificateChain (pChainContext=0x9b20b0) [0294.967] CertFreeCRLContext (pCrlContext=0x571dbc8) returned 1 [0294.967] EncryptMessage (in: phContext=0x308de48, fQOP=0x0, pMessage=0x308fb74, MessageSeqNo=0x0 | out: pMessage=0x308fb74) returned 0x0 [0294.967] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0294.967] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x308e374*), (len=0x4f, buf=0x308fa90*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0294.968] CoTaskMemFree (pv=0x9f3270) [0294.968] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0294.968] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.070] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.070] DecryptMessage (in: phContext=0x308de48, pMessage=0x308fce0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x308fce0, pfQOP=0x0) returned 0x0 [0295.071] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.071] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.071] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.071] DecryptMessage (in: phContext=0x308de48, pMessage=0x3091774, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3091774, pfQOP=0x0) returned 0x0 [0295.071] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.071] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.072] DecryptMessage (in: phContext=0x308de48, pMessage=0x3092584, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3092584, pfQOP=0x0) returned 0x0 [0295.072] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.072] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.072] DecryptMessage (in: phContext=0x308de48, pMessage=0x30937c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30937c0, pfQOP=0x0) returned 0x0 [0295.072] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.072] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.072] DecryptMessage (in: phContext=0x308de48, pMessage=0x30938d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30938d4, pfQOP=0x0) returned 0x0 [0295.073] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.073] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.073] DecryptMessage (in: phContext=0x308de48, pMessage=0x3095c38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3095c38, pfQOP=0x0) returned 0x0 [0295.073] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.073] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.073] DecryptMessage (in: phContext=0x308de48, pMessage=0x3095d4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3095d4c, pfQOP=0x0) returned 0x0 [0295.074] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.074] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.074] DecryptMessage (in: phContext=0x308de48, pMessage=0x3095e60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3095e60, pfQOP=0x0) returned 0x0 [0295.074] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.074] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.074] DecryptMessage (in: phContext=0x308de48, pMessage=0x309a3fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309a3fc, pfQOP=0x0) returned 0x0 [0295.074] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.075] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.075] DecryptMessage (in: phContext=0x308de48, pMessage=0x309a510, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309a510, pfQOP=0x0) returned 0x0 [0295.075] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.075] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.075] DecryptMessage (in: phContext=0x308de48, pMessage=0x309a624, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309a624, pfQOP=0x0) returned 0x0 [0295.075] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.075] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0295.076] DecryptMessage (in: phContext=0x308de48, pMessage=0x309a738, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309a738, pfQOP=0x0) returned 0x0 [0295.076] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0295.076] recv (in: s=0x74c, buf=0x2fc92d9, len=51, flags=0 | out: buf=0x2fc92d9*) returned 51 [0295.076] DecryptMessage (in: phContext=0x308de48, pMessage=0x309a84c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x309a84c, pfQOP=0x0) returned 0x0 [0295.076] SetEvent (hEvent=0x4a8) returned 1 [0295.077] QueryContextAttributesW (in: phContext=0x308de48, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.077] DeleteSecurityContext (phContext=0x308de48) returned 0x0 [0295.077] shutdown (s=0x74c, how=2) returned 0 [0295.078] closesocket (s=0x74c) returned 0 [0295.086] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743283957223) returned 1 [0295.087] SetEvent (hEvent=0x4a8) returned 1 [0295.088] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.089] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.089] WSAConnect (in: s=0x74c, name=0x309dc30*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0295.102] closesocket (s=0x768) returned 0 [0295.104] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x309dc90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x309e170, pOutput=0x309e108, pfContextAttr=0x309e020, ptsExpiry=0x73ed80 | out: phNewContext=0x309e170, pOutput=0x309e108, pfContextAttr=0x309e020, ptsExpiry=0x73ed80) returned 0x90312 [0295.106] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0295.106] send (s=0x74c, buf=0x309e184*, len=366, flags=0) returned 366 [0295.107] recv (in: s=0x74c, buf=0x309e184, len=5, flags=0 | out: buf=0x309e184*) returned 5 [0295.117] recv (in: s=0x74c, buf=0x309e189, len=59, flags=0 | out: buf=0x309e189*) returned 59 [0295.117] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x309dc90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x309e378, Reserved2=0x0, phNewContext=0x309e170, pOutput=0x309e38c, pfContextAttr=0x309e020, ptsExpiry=0x73ecdc | out: phNewContext=0x309e170, pOutput=0x309e38c, pfContextAttr=0x309e020, ptsExpiry=0x73ecdc) returned 0x90312 [0295.118] recv (in: s=0x74c, buf=0x309e41c, len=5, flags=0 | out: buf=0x309e41c*) returned 5 [0295.118] recv (in: s=0x74c, buf=0x309e435, len=1, flags=0 | out: buf=0x309e435*) returned 1 [0295.118] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x309dc90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x309e4a8, Reserved2=0x0, phNewContext=0x309e170, pOutput=0x309e4bc, pfContextAttr=0x309e020, ptsExpiry=0x73ec3c | out: phNewContext=0x309e170, pOutput=0x309e4bc, pfContextAttr=0x309e020, ptsExpiry=0x73ec3c) returned 0x90312 [0295.119] recv (in: s=0x74c, buf=0x309e54c, len=5, flags=0 | out: buf=0x309e54c*) returned 5 [0295.119] recv (in: s=0x74c, buf=0x309e565, len=40, flags=0 | out: buf=0x309e565*) returned 40 [0295.119] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x309dc90, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x309e600, Reserved2=0x0, phNewContext=0x309e170, pOutput=0x309e614, pfContextAttr=0x309e020, ptsExpiry=0x73eb9c | out: phNewContext=0x309e170, pOutput=0x309e614, pfContextAttr=0x309e020, ptsExpiry=0x73eb9c) returned 0x0 [0295.121] FreeContextBuffer (in: pvContextBuffer=0x571dc88 | out: pvContextBuffer=0x571dc88) returned 0x0 [0295.121] QueryContextAttributesW (in: phContext=0x309e170, ulAttribute=0x4, pBuffer=0x309e6e4 | out: pBuffer=0x309e6e4) returned 0x0 [0295.122] QueryContextAttributesW (in: phContext=0x309e170, ulAttribute=0x5a, pBuffer=0x309e720 | out: pBuffer=0x309e720) returned 0x0 [0295.122] QueryContextAttributesW (in: phContext=0x309e170, ulAttribute=0x53, pBuffer=0x309e76c | out: pBuffer=0x309e76c) returned 0x0 [0295.122] CertDuplicateCertificateContext (pCertContext=0x571dcb8) returned 0x571dcb8 [0295.123] CertDuplicateStore (hCertStore=0x570d968) returned 0x570d968 [0295.123] CertEnumCertificatesInStore (hCertStore=0x570d968, pPrevCertContext=0x0) returned 0x571df38 [0295.123] CertDuplicateCertificateContext (pCertContext=0x571df38) returned 0x571df38 [0295.123] CertEnumCertificatesInStore (hCertStore=0x570d968, pPrevCertContext=0x571df38) returned 0x571dcb8 [0295.124] CertDuplicateCertificateContext (pCertContext=0x571dcb8) returned 0x571dcb8 [0295.124] CertEnumCertificatesInStore (hCertStore=0x570d968, pPrevCertContext=0x571dcb8) returned 0x0 [0295.124] CertCloseStore (hCertStore=0x570d968, dwFlags=0x0) returned 1 [0295.124] CertFreeCRLContext (pCrlContext=0x571dcb8) returned 1 [0295.125] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d4b8 [0295.125] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x571df38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.125] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x571dcb8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.126] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729480 [0295.126] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dcb8, pTime=0x73ebb0, hAdditionalStore=0x570d4b8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0295.127] LocalFree (hMem=0x5729480) returned 0x0 [0295.127] CertDuplicateCertificateChain (pChainContext=0x9b20b0) returned 0x9b20b0 [0295.127] CertDuplicateCertificateContext (pCertContext=0x571dcb8) returned 0x571dcb8 [0295.128] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0295.133] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0295.133] CertFreeCertificateChain (pChainContext=0x9b20b0) [0295.133] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9b20b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0295.133] SetLastError (dwErrCode=0x0) [0295.133] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9b20b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0295.133] CertFreeCertificateChain (pChainContext=0x9b20b0) [0295.133] CertFreeCRLContext (pCrlContext=0x571dcb8) returned 1 [0295.134] EncryptMessage (in: phContext=0x309e170, fQOP=0x0, pMessage=0x309fe9c, MessageSeqNo=0x0 | out: pMessage=0x309fe9c) returned 0x0 [0295.134] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0295.134] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x309e690*), (len=0x4f, buf=0x309fdb8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0295.135] CoTaskMemFree (pv=0x9f3270) [0295.135] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0295.135] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.153] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.153] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a0008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a0008, pfQOP=0x0) returned 0x0 [0295.153] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.153] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.154] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.154] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a1a9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a1a9c, pfQOP=0x0) returned 0x0 [0295.154] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.154] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.154] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a28a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a28a0, pfQOP=0x0) returned 0x0 [0295.154] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.155] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.155] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a3ae8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a3ae8, pfQOP=0x0) returned 0x0 [0295.155] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.155] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.155] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a3bfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a3bfc, pfQOP=0x0) returned 0x0 [0295.155] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.156] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.156] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a5f60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a5f60, pfQOP=0x0) returned 0x0 [0295.156] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.156] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.156] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a6074, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a6074, pfQOP=0x0) returned 0x0 [0295.156] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.156] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.156] DecryptMessage (in: phContext=0x309e170, pMessage=0x30a6188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30a6188, pfQOP=0x0) returned 0x0 [0295.157] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.157] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.157] DecryptMessage (in: phContext=0x309e170, pMessage=0x30aa724, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30aa724, pfQOP=0x0) returned 0x0 [0295.157] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.157] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.158] DecryptMessage (in: phContext=0x309e170, pMessage=0x30aa838, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30aa838, pfQOP=0x0) returned 0x0 [0295.158] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.158] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.158] DecryptMessage (in: phContext=0x309e170, pMessage=0x30aa94c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30aa94c, pfQOP=0x0) returned 0x0 [0295.158] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.158] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0295.159] DecryptMessage (in: phContext=0x309e170, pMessage=0x30aaa60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30aaa60, pfQOP=0x0) returned 0x0 [0295.159] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0295.159] recv (in: s=0x74c, buf=0x2fdd3f1, len=51, flags=0 | out: buf=0x2fdd3f1*) returned 51 [0295.159] DecryptMessage (in: phContext=0x309e170, pMessage=0x30aab74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30aab74, pfQOP=0x0) returned 0x0 [0295.164] SetEvent (hEvent=0x4a8) returned 1 [0295.164] QueryContextAttributesW (in: phContext=0x309e170, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.164] DeleteSecurityContext (phContext=0x309e170) returned 0x0 [0295.165] shutdown (s=0x74c, how=2) returned 0 [0295.165] closesocket (s=0x74c) returned 0 [0295.170] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743292336328) returned 1 [0295.170] SetEvent (hEvent=0x4a8) returned 1 [0295.176] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.176] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.177] WSAConnect (in: s=0x74c, name=0x30adf58*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0295.186] closesocket (s=0x768) returned 0 [0295.187] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30adfb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30ae498, pOutput=0x30ae430, pfContextAttr=0x30ae348, ptsExpiry=0x73ed80 | out: phNewContext=0x30ae498, pOutput=0x30ae430, pfContextAttr=0x30ae348, ptsExpiry=0x73ed80) returned 0x90312 [0295.188] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0295.188] send (s=0x74c, buf=0x30ae4ac*, len=366, flags=0) returned 366 [0295.189] recv (in: s=0x74c, buf=0x30ae4ac, len=5, flags=0 | out: buf=0x30ae4ac*) returned 5 [0295.198] recv (in: s=0x74c, buf=0x30ae4b1, len=59, flags=0 | out: buf=0x30ae4b1*) returned 59 [0295.199] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30adfb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ae6a0, Reserved2=0x0, phNewContext=0x30ae498, pOutput=0x30ae6b4, pfContextAttr=0x30ae348, ptsExpiry=0x73ecdc | out: phNewContext=0x30ae498, pOutput=0x30ae6b4, pfContextAttr=0x30ae348, ptsExpiry=0x73ecdc) returned 0x90312 [0295.199] recv (in: s=0x74c, buf=0x30ae744, len=5, flags=0 | out: buf=0x30ae744*) returned 5 [0295.199] recv (in: s=0x74c, buf=0x30ae75d, len=1, flags=0 | out: buf=0x30ae75d*) returned 1 [0295.199] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30adfb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ae7d0, Reserved2=0x0, phNewContext=0x30ae498, pOutput=0x30ae7e4, pfContextAttr=0x30ae348, ptsExpiry=0x73ec3c | out: phNewContext=0x30ae498, pOutput=0x30ae7e4, pfContextAttr=0x30ae348, ptsExpiry=0x73ec3c) returned 0x90312 [0295.200] recv (in: s=0x74c, buf=0x30ae874, len=5, flags=0 | out: buf=0x30ae874*) returned 5 [0295.200] recv (in: s=0x74c, buf=0x30ae88d, len=40, flags=0 | out: buf=0x30ae88d*) returned 40 [0295.200] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30adfb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ae928, Reserved2=0x0, phNewContext=0x30ae498, pOutput=0x30ae93c, pfContextAttr=0x30ae348, ptsExpiry=0x73eb9c | out: phNewContext=0x30ae498, pOutput=0x30ae93c, pfContextAttr=0x30ae348, ptsExpiry=0x73eb9c) returned 0x0 [0295.203] FreeContextBuffer (in: pvContextBuffer=0x571e0e8 | out: pvContextBuffer=0x571e0e8) returned 0x0 [0295.203] QueryContextAttributesW (in: phContext=0x30ae498, ulAttribute=0x4, pBuffer=0x30aea0c | out: pBuffer=0x30aea0c) returned 0x0 [0295.203] QueryContextAttributesW (in: phContext=0x30ae498, ulAttribute=0x5a, pBuffer=0x30aea48 | out: pBuffer=0x30aea48) returned 0x0 [0295.203] QueryContextAttributesW (in: phContext=0x30ae498, ulAttribute=0x53, pBuffer=0x30aea94 | out: pBuffer=0x30aea94) returned 0x0 [0295.204] CertDuplicateCertificateContext (pCertContext=0x571db78) returned 0x571db78 [0295.204] CertDuplicateStore (hCertStore=0x570dbc0) returned 0x570dbc0 [0295.204] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x0) returned 0x571dee8 [0295.205] CertDuplicateCertificateContext (pCertContext=0x571dee8) returned 0x571dee8 [0295.205] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x571dee8) returned 0x571db78 [0295.205] CertDuplicateCertificateContext (pCertContext=0x571db78) returned 0x571db78 [0295.205] CertEnumCertificatesInStore (hCertStore=0x570dbc0, pPrevCertContext=0x571db78) returned 0x0 [0295.205] CertCloseStore (hCertStore=0x570dbc0, dwFlags=0x0) returned 1 [0295.205] CertFreeCRLContext (pCrlContext=0x571db78) returned 1 [0295.210] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570df08 [0295.210] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x571dee8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.210] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x571db78, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.211] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729640 [0295.211] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571db78, pTime=0x73ebb0, hAdditionalStore=0x570df08, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0295.212] LocalFree (hMem=0x5729640) returned 0x0 [0295.212] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0295.212] CertDuplicateCertificateContext (pCertContext=0x571db78) returned 0x571db78 [0295.213] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0295.213] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0295.214] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.214] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0295.214] SetLastError (dwErrCode=0x0) [0295.214] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0295.214] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.214] CertFreeCRLContext (pCrlContext=0x571db78) returned 1 [0295.215] EncryptMessage (in: phContext=0x30ae498, fQOP=0x0, pMessage=0x30b01c4, MessageSeqNo=0x0 | out: pMessage=0x30b01c4) returned 0x0 [0295.215] CoTaskMemAlloc (cb=0x10) returned 0x9f3270 [0295.215] WSASend (in: s=0x74c, lpBuffers=0x9f3270*=((len=0x33, buf=0x30ae9b8*), (len=0x4f, buf=0x30b00e0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0295.216] CoTaskMemFree (pv=0x9f3270) [0295.216] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0295.216] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.230] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.230] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b0330, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b0330, pfQOP=0x0) returned 0x0 [0295.231] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.231] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.231] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.231] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b1dc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b1dc4, pfQOP=0x0) returned 0x0 [0295.231] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.232] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.232] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b2bc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b2bc8, pfQOP=0x0) returned 0x0 [0295.232] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.232] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.232] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b3e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b3e10, pfQOP=0x0) returned 0x0 [0295.232] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.233] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.233] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b3f24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b3f24, pfQOP=0x0) returned 0x0 [0295.233] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.233] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.233] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b6288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b6288, pfQOP=0x0) returned 0x0 [0295.233] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.234] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.234] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b639c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b639c, pfQOP=0x0) returned 0x0 [0295.234] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.234] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.234] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30b64b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30b64b0, pfQOP=0x0) returned 0x0 [0295.234] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.235] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.235] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30baa4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30baa4c, pfQOP=0x0) returned 0x0 [0295.235] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.235] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.235] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30bab60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bab60, pfQOP=0x0) returned 0x0 [0295.235] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.236] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.236] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30bac74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bac74, pfQOP=0x0) returned 0x0 [0295.236] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.236] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0295.236] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30bad88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bad88, pfQOP=0x0) returned 0x0 [0295.240] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0295.240] recv (in: s=0x74c, buf=0x2fe54ed, len=29, flags=0 | out: buf=0x2fe54ed*) returned 29 [0295.240] DecryptMessage (in: phContext=0x30ae498, pMessage=0x30bae9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30bae9c, pfQOP=0x0) returned 0x0 [0295.241] SetEvent (hEvent=0x4a8) returned 1 [0295.241] QueryContextAttributesW (in: phContext=0x30ae498, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.241] DeleteSecurityContext (phContext=0x30ae498) returned 0x0 [0295.242] shutdown (s=0x74c, how=2) returned 0 [0295.242] closesocket (s=0x74c) returned 0 [0295.247] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743301024122) returned 1 [0295.262] SetEvent (hEvent=0x4a8) returned 1 [0295.465] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.467] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.468] WSAConnect (in: s=0x74c, name=0x30be294*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0295.484] closesocket (s=0x768) returned 0 [0295.486] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30be2e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30be7c0, pOutput=0x30be758, pfContextAttr=0x30be670, ptsExpiry=0x73ed80 | out: phNewContext=0x30be7c0, pOutput=0x30be758, pfContextAttr=0x30be670, ptsExpiry=0x73ed80) returned 0x90312 [0295.487] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0295.488] send (s=0x74c, buf=0x30be7d4*, len=366, flags=0) returned 366 [0295.489] recv (in: s=0x74c, buf=0x30be7d4, len=5, flags=0 | out: buf=0x30be7d4*) returned 5 [0295.498] recv (in: s=0x74c, buf=0x30be7d9, len=59, flags=0 | out: buf=0x30be7d9*) returned 59 [0295.499] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30be2e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30be9c8, Reserved2=0x0, phNewContext=0x30be7c0, pOutput=0x30be9dc, pfContextAttr=0x30be670, ptsExpiry=0x73ecdc | out: phNewContext=0x30be7c0, pOutput=0x30be9dc, pfContextAttr=0x30be670, ptsExpiry=0x73ecdc) returned 0x90312 [0295.500] recv (in: s=0x74c, buf=0x30bea6c, len=5, flags=0 | out: buf=0x30bea6c*) returned 5 [0295.500] recv (in: s=0x74c, buf=0x30bea85, len=1, flags=0 | out: buf=0x30bea85*) returned 1 [0295.501] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30be2e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30beaf8, Reserved2=0x0, phNewContext=0x30be7c0, pOutput=0x30beb0c, pfContextAttr=0x30be670, ptsExpiry=0x73ec3c | out: phNewContext=0x30be7c0, pOutput=0x30beb0c, pfContextAttr=0x30be670, ptsExpiry=0x73ec3c) returned 0x90312 [0295.502] recv (in: s=0x74c, buf=0x30beb9c, len=5, flags=0 | out: buf=0x30beb9c*) returned 5 [0295.502] recv (in: s=0x74c, buf=0x30bebb5, len=40, flags=0 | out: buf=0x30bebb5*) returned 40 [0295.503] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30be2e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30bec50, Reserved2=0x0, phNewContext=0x30be7c0, pOutput=0x30bec64, pfContextAttr=0x30be670, ptsExpiry=0x73eb9c | out: phNewContext=0x30be7c0, pOutput=0x30bec64, pfContextAttr=0x30be670, ptsExpiry=0x73eb9c) returned 0x0 [0295.506] FreeContextBuffer (in: pvContextBuffer=0x571dbe8 | out: pvContextBuffer=0x571dbe8) returned 0x0 [0295.507] QueryContextAttributesW (in: phContext=0x30be7c0, ulAttribute=0x4, pBuffer=0x30bed34 | out: pBuffer=0x30bed34) returned 0x0 [0295.507] QueryContextAttributesW (in: phContext=0x30be7c0, ulAttribute=0x5a, pBuffer=0x30bed70 | out: pBuffer=0x30bed70) returned 0x0 [0295.507] QueryContextAttributesW (in: phContext=0x30be7c0, ulAttribute=0x53, pBuffer=0x30bedbc | out: pBuffer=0x30bedbc) returned 0x0 [0295.508] CertDuplicateCertificateContext (pCertContext=0x571e348) returned 0x571e348 [0295.508] CertDuplicateStore (hCertStore=0x9df9f0) returned 0x9df9f0 [0295.509] CertEnumCertificatesInStore (hCertStore=0x9df9f0, pPrevCertContext=0x0) returned 0x571dc18 [0295.509] CertDuplicateCertificateContext (pCertContext=0x571dc18) returned 0x571dc18 [0295.509] CertEnumCertificatesInStore (hCertStore=0x9df9f0, pPrevCertContext=0x571dc18) returned 0x571e348 [0295.510] CertDuplicateCertificateContext (pCertContext=0x571e348) returned 0x571e348 [0295.510] CertEnumCertificatesInStore (hCertStore=0x9df9f0, pPrevCertContext=0x571e348) returned 0x0 [0295.510] CertCloseStore (hCertStore=0x9df9f0, dwFlags=0x0) returned 1 [0295.510] CertFreeCRLContext (pCrlContext=0x571e348) returned 1 [0295.511] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dfb58 [0295.511] CertAddCRLLinkToStore (in: hCertStore=0x9dfb58, pCrlContext=0x571dc18, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.511] CertAddCRLLinkToStore (in: hCertStore=0x9dfb58, pCrlContext=0x571e348, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.512] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5729600 [0295.512] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e348, pTime=0x73ebb0, hAdditionalStore=0x9dfb58, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0295.512] LocalFree (hMem=0x5729600) returned 0x0 [0295.512] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0295.513] CertDuplicateCertificateContext (pCertContext=0x571e348) returned 0x571e348 [0295.513] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0295.514] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0295.514] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.514] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0295.514] SetLastError (dwErrCode=0x0) [0295.514] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0295.514] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.515] CertFreeCRLContext (pCrlContext=0x571e348) returned 1 [0295.515] EncryptMessage (in: phContext=0x30be7c0, fQOP=0x0, pMessage=0x30c04ec, MessageSeqNo=0x0 | out: pMessage=0x30c04ec) returned 0x0 [0295.515] CoTaskMemAlloc (cb=0x10) returned 0x9f2fe8 [0295.515] WSASend (in: s=0x74c, lpBuffers=0x9f2fe8*=((len=0x33, buf=0x30bece0*), (len=0x4f, buf=0x30c0408*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0295.516] CoTaskMemFree (pv=0x9f2fe8) [0295.516] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0295.516] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.531] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.531] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c0658, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c0658, pfQOP=0x0) returned 0x0 [0295.532] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.532] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.532] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.532] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c20ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c20ec, pfQOP=0x0) returned 0x0 [0295.532] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.533] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.533] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c2ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c2ef0, pfQOP=0x0) returned 0x0 [0295.533] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.533] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.533] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c4138, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c4138, pfQOP=0x0) returned 0x0 [0295.533] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.534] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.534] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c424c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c424c, pfQOP=0x0) returned 0x0 [0295.536] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.536] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.536] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c65b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c65b0, pfQOP=0x0) returned 0x0 [0295.536] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.536] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.536] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c66c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c66c4, pfQOP=0x0) returned 0x0 [0295.537] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.537] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.537] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30c67d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30c67d8, pfQOP=0x0) returned 0x0 [0295.537] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.537] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.537] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30cad74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cad74, pfQOP=0x0) returned 0x0 [0295.538] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.538] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.538] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30cae88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cae88, pfQOP=0x0) returned 0x0 [0295.538] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.538] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.538] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30caf9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30caf9c, pfQOP=0x0) returned 0x0 [0295.538] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.538] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0295.539] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30cb0b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cb0b0, pfQOP=0x0) returned 0x0 [0295.539] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0295.539] recv (in: s=0x74c, buf=0x2fe1429, len=29, flags=0 | out: buf=0x2fe1429*) returned 29 [0295.539] DecryptMessage (in: phContext=0x30be7c0, pMessage=0x30cb1c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30cb1c4, pfQOP=0x0) returned 0x0 [0295.539] SetEvent (hEvent=0x4a8) returned 1 [0295.539] QueryContextAttributesW (in: phContext=0x30be7c0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.540] DeleteSecurityContext (phContext=0x30be7c0) returned 0x0 [0295.540] shutdown (s=0x74c, how=2) returned 0 [0295.541] closesocket (s=0x74c) returned 0 [0295.546] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743329932275) returned 1 [0295.546] SetEvent (hEvent=0x4a8) returned 1 [0295.548] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.549] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.549] WSAConnect (in: s=0x74c, name=0x30ce5a8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0295.623] closesocket (s=0x768) returned 0 [0295.628] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30ce5f4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30cead4, pOutput=0x30cea6c, pfContextAttr=0x30ce984, ptsExpiry=0x73ed80 | out: phNewContext=0x30cead4, pOutput=0x30cea6c, pfContextAttr=0x30ce984, ptsExpiry=0x73ed80) returned 0x90312 [0295.629] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0295.629] send (s=0x74c, buf=0x30ceafc*, len=366, flags=0) returned 366 [0295.630] recv (in: s=0x74c, buf=0x30ceafc, len=5, flags=0 | out: buf=0x30ceafc*) returned 5 [0295.639] recv (in: s=0x74c, buf=0x30ceb01, len=59, flags=0 | out: buf=0x30ceb01*) returned 59 [0295.639] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30ce5f4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30cecf0, Reserved2=0x0, phNewContext=0x30cead4, pOutput=0x30ced04, pfContextAttr=0x30ce984, ptsExpiry=0x73ecdc | out: phNewContext=0x30cead4, pOutput=0x30ced04, pfContextAttr=0x30ce984, ptsExpiry=0x73ecdc) returned 0x90312 [0295.640] recv (in: s=0x74c, buf=0x30ced94, len=5, flags=0 | out: buf=0x30ced94*) returned 5 [0295.640] recv (in: s=0x74c, buf=0x30cedad, len=1, flags=0 | out: buf=0x30cedad*) returned 1 [0295.640] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30ce5f4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30cee20, Reserved2=0x0, phNewContext=0x30cead4, pOutput=0x30cee34, pfContextAttr=0x30ce984, ptsExpiry=0x73ec3c | out: phNewContext=0x30cead4, pOutput=0x30cee34, pfContextAttr=0x30ce984, ptsExpiry=0x73ec3c) returned 0x90312 [0295.641] recv (in: s=0x74c, buf=0x30ceec4, len=5, flags=0 | out: buf=0x30ceec4*) returned 5 [0295.641] recv (in: s=0x74c, buf=0x30ceedd, len=40, flags=0 | out: buf=0x30ceedd*) returned 40 [0295.641] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30ce5f4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30cef78, Reserved2=0x0, phNewContext=0x30cead4, pOutput=0x30cef8c, pfContextAttr=0x30ce984, ptsExpiry=0x73eb9c | out: phNewContext=0x30cead4, pOutput=0x30cef8c, pfContextAttr=0x30ce984, ptsExpiry=0x73eb9c) returned 0x0 [0295.642] FreeContextBuffer (in: pvContextBuffer=0x571e688 | out: pvContextBuffer=0x571e688) returned 0x0 [0295.642] QueryContextAttributesW (in: phContext=0x30cead4, ulAttribute=0x4, pBuffer=0x30cf05c | out: pBuffer=0x30cf05c) returned 0x0 [0295.642] QueryContextAttributesW (in: phContext=0x30cead4, ulAttribute=0x5a, pBuffer=0x30cf098 | out: pBuffer=0x30cf098) returned 0x0 [0295.642] QueryContextAttributesW (in: phContext=0x30cead4, ulAttribute=0x53, pBuffer=0x30cf0e4 | out: pBuffer=0x30cf0e4) returned 0x0 [0295.643] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0295.644] CertDuplicateStore (hCertStore=0x9dfbd0) returned 0x9dfbd0 [0295.644] CertEnumCertificatesInStore (hCertStore=0x9dfbd0, pPrevCertContext=0x0) returned 0x571e618 [0295.645] CertDuplicateCertificateContext (pCertContext=0x571e618) returned 0x571e618 [0295.645] CertEnumCertificatesInStore (hCertStore=0x9dfbd0, pPrevCertContext=0x571e618) returned 0x571e438 [0295.645] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0295.645] CertEnumCertificatesInStore (hCertStore=0x9dfbd0, pPrevCertContext=0x571e438) returned 0x0 [0295.645] CertCloseStore (hCertStore=0x9dfbd0, dwFlags=0x0) returned 1 [0295.645] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0295.646] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e01e8 [0295.646] CertAddCRLLinkToStore (in: hCertStore=0x9e01e8, pCrlContext=0x571e618, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.646] CertAddCRLLinkToStore (in: hCertStore=0x9e01e8, pCrlContext=0x571e438, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.647] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57296a0 [0295.647] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e438, pTime=0x73ebb0, hAdditionalStore=0x9e01e8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0295.648] LocalFree (hMem=0x57296a0) returned 0x0 [0295.648] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0295.648] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0295.649] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0295.649] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0295.649] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.649] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0295.649] SetLastError (dwErrCode=0x0) [0295.649] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0295.650] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.650] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0295.651] EncryptMessage (in: phContext=0x30cead4, fQOP=0x0, pMessage=0x30d0814, MessageSeqNo=0x0 | out: pMessage=0x30d0814) returned 0x0 [0295.651] CoTaskMemAlloc (cb=0x10) returned 0x9f3150 [0295.651] WSASend (in: s=0x74c, lpBuffers=0x9f3150*=((len=0x33, buf=0x30cf008*), (len=0x4f, buf=0x30d0730*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0295.651] CoTaskMemFree (pv=0x9f3150) [0295.651] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0295.652] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.672] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.672] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d0980, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d0980, pfQOP=0x0) returned 0x0 [0295.673] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.673] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.673] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.673] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d2414, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d2414, pfQOP=0x0) returned 0x0 [0295.673] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.674] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.674] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d3218, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d3218, pfQOP=0x0) returned 0x0 [0295.674] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.674] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.674] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d4460, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d4460, pfQOP=0x0) returned 0x0 [0295.674] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.674] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.675] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d4574, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d4574, pfQOP=0x0) returned 0x0 [0295.677] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.677] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.677] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d68d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d68d8, pfQOP=0x0) returned 0x0 [0295.677] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.677] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.678] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d69ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d69ec, pfQOP=0x0) returned 0x0 [0295.678] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.678] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.678] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30d6b00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30d6b00, pfQOP=0x0) returned 0x0 [0295.678] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.678] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.678] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30db09c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30db09c, pfQOP=0x0) returned 0x0 [0295.679] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.679] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.679] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30db1b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30db1b0, pfQOP=0x0) returned 0x0 [0295.679] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.679] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.679] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30db2c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30db2c4, pfQOP=0x0) returned 0x0 [0295.679] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.679] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0295.680] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30db3d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30db3d8, pfQOP=0x0) returned 0x0 [0295.680] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0295.680] recv (in: s=0x74c, buf=0x2f86069, len=29, flags=0 | out: buf=0x2f86069*) returned 29 [0295.680] DecryptMessage (in: phContext=0x30cead4, pMessage=0x30db4ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30db4ec, pfQOP=0x0) returned 0x0 [0295.680] SetEvent (hEvent=0x4a8) returned 1 [0295.680] QueryContextAttributesW (in: phContext=0x30cead4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.681] DeleteSecurityContext (phContext=0x30cead4) returned 0x0 [0295.681] shutdown (s=0x74c, how=2) returned 0 [0295.682] closesocket (s=0x74c) returned 0 [0295.687] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743344017202) returned 1 [0295.687] SetEvent (hEvent=0x4a8) returned 1 [0295.689] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.689] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.690] WSAConnect (in: s=0x74c, name=0x30de8d0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0295.700] closesocket (s=0x768) returned 0 [0295.701] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30de930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30dee10, pOutput=0x30deda8, pfContextAttr=0x30decc0, ptsExpiry=0x73ed80 | out: phNewContext=0x30dee10, pOutput=0x30deda8, pfContextAttr=0x30decc0, ptsExpiry=0x73ed80) returned 0x90312 [0295.702] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0295.702] send (s=0x74c, buf=0x30dee24*, len=366, flags=0) returned 366 [0295.702] recv (in: s=0x74c, buf=0x30dee24, len=5, flags=0 | out: buf=0x30dee24*) returned 5 [0295.712] recv (in: s=0x74c, buf=0x30dee29, len=59, flags=0 | out: buf=0x30dee29*) returned 59 [0295.713] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30de930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30df018, Reserved2=0x0, phNewContext=0x30dee10, pOutput=0x30df02c, pfContextAttr=0x30decc0, ptsExpiry=0x73ecdc | out: phNewContext=0x30dee10, pOutput=0x30df02c, pfContextAttr=0x30decc0, ptsExpiry=0x73ecdc) returned 0x90312 [0295.713] recv (in: s=0x74c, buf=0x30df0bc, len=5, flags=0 | out: buf=0x30df0bc*) returned 5 [0295.713] recv (in: s=0x74c, buf=0x30df0d5, len=1, flags=0 | out: buf=0x30df0d5*) returned 1 [0295.713] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30de930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30df148, Reserved2=0x0, phNewContext=0x30dee10, pOutput=0x30df15c, pfContextAttr=0x30decc0, ptsExpiry=0x73ec3c | out: phNewContext=0x30dee10, pOutput=0x30df15c, pfContextAttr=0x30decc0, ptsExpiry=0x73ec3c) returned 0x90312 [0295.714] recv (in: s=0x74c, buf=0x30df1ec, len=5, flags=0 | out: buf=0x30df1ec*) returned 5 [0295.714] recv (in: s=0x74c, buf=0x30df205, len=40, flags=0 | out: buf=0x30df205*) returned 40 [0295.714] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30de930, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30df2a0, Reserved2=0x0, phNewContext=0x30dee10, pOutput=0x30df2b4, pfContextAttr=0x30decc0, ptsExpiry=0x73eb9c | out: phNewContext=0x30dee10, pOutput=0x30df2b4, pfContextAttr=0x30decc0, ptsExpiry=0x73eb9c) returned 0x0 [0295.715] FreeContextBuffer (in: pvContextBuffer=0x571e818 | out: pvContextBuffer=0x571e818) returned 0x0 [0295.715] QueryContextAttributesW (in: phContext=0x30dee10, ulAttribute=0x4, pBuffer=0x30df384 | out: pBuffer=0x30df384) returned 0x0 [0295.715] QueryContextAttributesW (in: phContext=0x30dee10, ulAttribute=0x5a, pBuffer=0x30df3c0 | out: pBuffer=0x30df3c0) returned 0x0 [0295.715] QueryContextAttributesW (in: phContext=0x30dee10, ulAttribute=0x53, pBuffer=0x30df40c | out: pBuffer=0x30df40c) returned 0x0 [0295.716] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0295.716] CertDuplicateStore (hCertStore=0x9dfcc0) returned 0x9dfcc0 [0295.716] CertEnumCertificatesInStore (hCertStore=0x9dfcc0, pPrevCertContext=0x0) returned 0x571e848 [0295.717] CertDuplicateCertificateContext (pCertContext=0x571e848) returned 0x571e848 [0295.717] CertEnumCertificatesInStore (hCertStore=0x9dfcc0, pPrevCertContext=0x571e848) returned 0x571e758 [0295.717] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0295.718] CertEnumCertificatesInStore (hCertStore=0x9dfcc0, pPrevCertContext=0x571e758) returned 0x0 [0295.718] CertCloseStore (hCertStore=0x9dfcc0, dwFlags=0x0) returned 1 [0295.718] CertFreeCRLContext (pCrlContext=0x571e758) returned 1 [0295.718] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dfdb0 [0295.719] CertAddCRLLinkToStore (in: hCertStore=0x9dfdb0, pCrlContext=0x571e848, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.719] CertAddCRLLinkToStore (in: hCertStore=0x9dfdb0, pCrlContext=0x571e758, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0295.719] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57293a0 [0295.720] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e758, pTime=0x73ebb0, hAdditionalStore=0x9dfdb0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0295.720] LocalFree (hMem=0x57293a0) returned 0x0 [0295.720] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0295.721] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0295.721] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0295.721] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0295.722] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.722] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0295.722] SetLastError (dwErrCode=0x0) [0295.722] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0295.723] CertFreeCertificateChain (pChainContext=0x9a8958) [0295.723] CertFreeCRLContext (pCrlContext=0x571e758) returned 1 [0295.723] EncryptMessage (in: phContext=0x30dee10, fQOP=0x0, pMessage=0x30e0b3c, MessageSeqNo=0x0 | out: pMessage=0x30e0b3c) returned 0x0 [0295.723] CoTaskMemAlloc (cb=0x10) returned 0x9f3090 [0295.724] WSASend (in: s=0x74c, lpBuffers=0x9f3090*=((len=0x33, buf=0x30df330*), (len=0x4f, buf=0x30e0a58*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0295.724] CoTaskMemFree (pv=0x9f3090) [0295.724] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0295.724] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.857] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.926] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e0ca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e0ca8, pfQOP=0x0) returned 0x0 [0295.927] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0295.927] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.927] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.927] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e273c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e273c, pfQOP=0x0) returned 0x0 [0295.928] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.928] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.928] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e3540, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e3540, pfQOP=0x0) returned 0x0 [0295.928] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.929] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.929] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e4788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e4788, pfQOP=0x0) returned 0x0 [0295.929] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.929] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.929] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e489c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e489c, pfQOP=0x0) returned 0x0 [0295.930] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.930] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.930] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e6c00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e6c00, pfQOP=0x0) returned 0x0 [0295.930] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.930] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.931] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e6d14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e6d14, pfQOP=0x0) returned 0x0 [0295.931] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.931] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.931] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30e6e28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30e6e28, pfQOP=0x0) returned 0x0 [0295.931] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.932] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.932] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30eb3c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30eb3c4, pfQOP=0x0) returned 0x0 [0295.932] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.932] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.932] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30eb4d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30eb4d8, pfQOP=0x0) returned 0x0 [0295.932] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.933] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.933] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30eb5ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30eb5ec, pfQOP=0x0) returned 0x0 [0295.933] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.933] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0295.933] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30eb700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30eb700, pfQOP=0x0) returned 0x0 [0295.933] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0295.934] recv (in: s=0x74c, buf=0x2f8a0a1, len=29, flags=0 | out: buf=0x2f8a0a1*) returned 29 [0295.934] DecryptMessage (in: phContext=0x30dee10, pMessage=0x30eb814, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x30eb814, pfQOP=0x0) returned 0x0 [0295.934] SetEvent (hEvent=0x4a8) returned 1 [0295.935] QueryContextAttributesW (in: phContext=0x30dee10, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0295.935] DeleteSecurityContext (phContext=0x30dee10) returned 0x0 [0295.936] shutdown (s=0x74c, how=2) returned 0 [0295.936] closesocket (s=0x74c) returned 0 [0295.944] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743369743793) returned 1 [0295.944] SetEvent (hEvent=0x4a8) returned 1 [0295.946] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0295.947] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0295.948] WSAConnect (in: s=0x74c, name=0x30eebec*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.004] closesocket (s=0x768) returned 0 [0296.005] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x30eec4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x30ef138, pOutput=0x30ef0d0, pfContextAttr=0x30eefe8, ptsExpiry=0x73ed80 | out: phNewContext=0x30ef138, pOutput=0x30ef0d0, pfContextAttr=0x30eefe8, ptsExpiry=0x73ed80) returned 0x90312 [0296.006] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0296.006] send (s=0x74c, buf=0x30ef14c*, len=366, flags=0) returned 366 [0296.007] recv (in: s=0x74c, buf=0x30ef14c, len=5, flags=0 | out: buf=0x30ef14c*) returned 5 [0296.016] recv (in: s=0x74c, buf=0x30ef151, len=59, flags=0 | out: buf=0x30ef151*) returned 59 [0296.017] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x30eec4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ef340, Reserved2=0x0, phNewContext=0x30ef138, pOutput=0x30ef354, pfContextAttr=0x30eefe8, ptsExpiry=0x73ecdc | out: phNewContext=0x30ef138, pOutput=0x30ef354, pfContextAttr=0x30eefe8, ptsExpiry=0x73ecdc) returned 0x90312 [0296.017] recv (in: s=0x74c, buf=0x30ef3e4, len=5, flags=0 | out: buf=0x30ef3e4*) returned 5 [0296.017] recv (in: s=0x74c, buf=0x30ef3fd, len=1, flags=0 | out: buf=0x30ef3fd*) returned 1 [0296.018] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x30eec4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ef470, Reserved2=0x0, phNewContext=0x30ef138, pOutput=0x30ef484, pfContextAttr=0x30eefe8, ptsExpiry=0x73ec3c | out: phNewContext=0x30ef138, pOutput=0x30ef484, pfContextAttr=0x30eefe8, ptsExpiry=0x73ec3c) returned 0x90312 [0296.018] recv (in: s=0x74c, buf=0x30ef514, len=5, flags=0 | out: buf=0x30ef514*) returned 5 [0296.018] recv (in: s=0x74c, buf=0x30ef52d, len=40, flags=0 | out: buf=0x30ef52d*) returned 40 [0296.019] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x30eec4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x30ef5c8, Reserved2=0x0, phNewContext=0x30ef138, pOutput=0x30ef5dc, pfContextAttr=0x30eefe8, ptsExpiry=0x73eb9c | out: phNewContext=0x30ef138, pOutput=0x30ef5dc, pfContextAttr=0x30eefe8, ptsExpiry=0x73eb9c) returned 0x0 [0296.033] FreeContextBuffer (in: pvContextBuffer=0x571e868 | out: pvContextBuffer=0x571e868) returned 0x0 [0296.034] QueryContextAttributesW (in: phContext=0x30ef138, ulAttribute=0x4, pBuffer=0x30ef6ac | out: pBuffer=0x30ef6ac) returned 0x0 [0296.034] QueryContextAttributesW (in: phContext=0x30ef138, ulAttribute=0x5a, pBuffer=0x30ef6e8 | out: pBuffer=0x30ef6e8) returned 0x0 [0296.192] QueryContextAttributesW (in: phContext=0x30ef138, ulAttribute=0x53, pBuffer=0x30ef734 | out: pBuffer=0x30ef734) returned 0x0 [0296.208] CertDuplicateCertificateContext (pCertContext=0x571e898) returned 0x571e898 [0296.208] CertDuplicateStore (hCertStore=0x9dfd38) returned 0x9dfd38 [0296.208] CertEnumCertificatesInStore (hCertStore=0x9dfd38, pPrevCertContext=0x0) returned 0x571e8e8 [0296.209] CertDuplicateCertificateContext (pCertContext=0x571e8e8) returned 0x571e8e8 [0296.209] CertEnumCertificatesInStore (hCertStore=0x9dfd38, pPrevCertContext=0x571e8e8) returned 0x571e898 [0296.209] CertDuplicateCertificateContext (pCertContext=0x571e898) returned 0x571e898 [0296.210] CertEnumCertificatesInStore (hCertStore=0x9dfd38, pPrevCertContext=0x571e898) returned 0x0 [0296.210] CertCloseStore (hCertStore=0x9dfd38, dwFlags=0x0) returned 1 [0296.210] CertFreeCRLContext (pCrlContext=0x571e898) returned 1 [0296.211] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0260 [0296.211] CertAddCRLLinkToStore (in: hCertStore=0x9e0260, pCrlContext=0x571e8e8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.211] CertAddCRLLinkToStore (in: hCertStore=0x9e0260, pCrlContext=0x571e898, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.212] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x57293e0 [0296.212] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e898, pTime=0x73ebb0, hAdditionalStore=0x9e0260, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.213] LocalFree (hMem=0x57293e0) returned 0x0 [0296.213] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.214] CertDuplicateCertificateContext (pCertContext=0x571e898) returned 0x571e898 [0296.214] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.215] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.215] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.215] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.215] SetLastError (dwErrCode=0x0) [0296.215] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.216] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.216] CertFreeCRLContext (pCrlContext=0x571e898) returned 1 [0296.216] EncryptMessage (in: phContext=0x30ef138, fQOP=0x0, pMessage=0x30f0e64, MessageSeqNo=0x0 | out: pMessage=0x30f0e64) returned 0x0 [0296.216] CoTaskMemAlloc (cb=0x10) returned 0x9f3150 [0296.217] WSASend (in: s=0x74c, lpBuffers=0x9f3150*=((len=0x33, buf=0x30ef658*), (len=0x4f, buf=0x30f0d80*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.217] CoTaskMemFree (pv=0x9f3150) [0296.217] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.242] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.242] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.242] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317195c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317195c, pfQOP=0x0) returned 0x0 [0296.243] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.243] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.243] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.243] DecryptMessage (in: phContext=0x30ef138, pMessage=0x31733f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31733f0, pfQOP=0x0) returned 0x0 [0296.243] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.244] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.244] DecryptMessage (in: phContext=0x30ef138, pMessage=0x31741f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31741f4, pfQOP=0x0) returned 0x0 [0296.244] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.244] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.244] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317543c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317543c, pfQOP=0x0) returned 0x0 [0296.245] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.245] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.245] DecryptMessage (in: phContext=0x30ef138, pMessage=0x3175550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3175550, pfQOP=0x0) returned 0x0 [0296.245] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.245] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.246] DecryptMessage (in: phContext=0x30ef138, pMessage=0x31778b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31778b4, pfQOP=0x0) returned 0x0 [0296.246] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.246] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.246] DecryptMessage (in: phContext=0x30ef138, pMessage=0x31779c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31779c8, pfQOP=0x0) returned 0x0 [0296.246] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.246] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.246] DecryptMessage (in: phContext=0x30ef138, pMessage=0x3177adc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3177adc, pfQOP=0x0) returned 0x0 [0296.247] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.247] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.247] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317c078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317c078, pfQOP=0x0) returned 0x0 [0296.247] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.247] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.248] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317c18c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317c18c, pfQOP=0x0) returned 0x0 [0296.248] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.248] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.248] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317c2a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317c2a0, pfQOP=0x0) returned 0x0 [0296.248] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.248] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0296.248] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317c3b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317c3b4, pfQOP=0x0) returned 0x0 [0296.249] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0296.249] recv (in: s=0x74c, buf=0x2fc1269, len=29, flags=0 | out: buf=0x2fc1269*) returned 29 [0296.249] DecryptMessage (in: phContext=0x30ef138, pMessage=0x317c4c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x317c4c8, pfQOP=0x0) returned 0x0 [0296.249] SetEvent (hEvent=0x4a8) returned 1 [0296.305] QueryContextAttributesW (in: phContext=0x30ef138, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.306] DeleteSecurityContext (phContext=0x30ef138) returned 0x0 [0296.307] shutdown (s=0x74c, how=2) returned 0 [0296.308] closesocket (s=0x74c) returned 0 [0296.314] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743406691680) returned 1 [0296.319] SetEvent (hEvent=0x4a8) returned 1 [0296.320] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.321] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.322] WSAConnect (in: s=0x74c, name=0x317f8a0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.333] closesocket (s=0x768) returned 0 [0296.334] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x317f900, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x317fdec, pOutput=0x317fd84, pfContextAttr=0x317fc9c, ptsExpiry=0x73ed80 | out: phNewContext=0x317fdec, pOutput=0x317fd84, pfContextAttr=0x317fc9c, ptsExpiry=0x73ed80) returned 0x90312 [0296.335] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0296.335] send (s=0x74c, buf=0x317fe00*, len=366, flags=0) returned 366 [0296.335] recv (in: s=0x74c, buf=0x317fe00, len=5, flags=0 | out: buf=0x317fe00*) returned 5 [0296.344] recv (in: s=0x74c, buf=0x317fe05, len=59, flags=0 | out: buf=0x317fe05*) returned 59 [0296.344] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x317f900, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x317fff4, Reserved2=0x0, phNewContext=0x317fdec, pOutput=0x3180008, pfContextAttr=0x317fc9c, ptsExpiry=0x73ecdc | out: phNewContext=0x317fdec, pOutput=0x3180008, pfContextAttr=0x317fc9c, ptsExpiry=0x73ecdc) returned 0x90312 [0296.345] recv (in: s=0x74c, buf=0x3180098, len=5, flags=0 | out: buf=0x3180098*) returned 5 [0296.345] recv (in: s=0x74c, buf=0x31800b1, len=1, flags=0 | out: buf=0x31800b1*) returned 1 [0296.345] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x317f900, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3180124, Reserved2=0x0, phNewContext=0x317fdec, pOutput=0x3180138, pfContextAttr=0x317fc9c, ptsExpiry=0x73ec3c | out: phNewContext=0x317fdec, pOutput=0x3180138, pfContextAttr=0x317fc9c, ptsExpiry=0x73ec3c) returned 0x90312 [0296.346] recv (in: s=0x74c, buf=0x31801c8, len=5, flags=0 | out: buf=0x31801c8*) returned 5 [0296.346] recv (in: s=0x74c, buf=0x31801e1, len=40, flags=0 | out: buf=0x31801e1*) returned 40 [0296.346] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x317f900, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x318027c, Reserved2=0x0, phNewContext=0x317fdec, pOutput=0x3180290, pfContextAttr=0x317fc9c, ptsExpiry=0x73eb9c | out: phNewContext=0x317fdec, pOutput=0x3180290, pfContextAttr=0x317fc9c, ptsExpiry=0x73eb9c) returned 0x0 [0296.354] FreeContextBuffer (in: pvContextBuffer=0x5727f78 | out: pvContextBuffer=0x5727f78) returned 0x0 [0296.354] QueryContextAttributesW (in: phContext=0x317fdec, ulAttribute=0x4, pBuffer=0x3180360 | out: pBuffer=0x3180360) returned 0x0 [0296.354] QueryContextAttributesW (in: phContext=0x317fdec, ulAttribute=0x5a, pBuffer=0x318039c | out: pBuffer=0x318039c) returned 0x0 [0296.355] QueryContextAttributesW (in: phContext=0x317fdec, ulAttribute=0x53, pBuffer=0x31803e8 | out: pBuffer=0x31803e8) returned 0x0 [0296.356] CertDuplicateCertificateContext (pCertContext=0x9d88d8) returned 0x9d88d8 [0296.357] CertDuplicateStore (hCertStore=0x9e0698) returned 0x9e0698 [0296.357] CertEnumCertificatesInStore (hCertStore=0x9e0698, pPrevCertContext=0x0) returned 0x9d8388 [0296.357] CertDuplicateCertificateContext (pCertContext=0x9d8388) returned 0x9d8388 [0296.357] CertEnumCertificatesInStore (hCertStore=0x9e0698, pPrevCertContext=0x9d8388) returned 0x9d88d8 [0296.358] CertDuplicateCertificateContext (pCertContext=0x9d88d8) returned 0x9d88d8 [0296.358] CertEnumCertificatesInStore (hCertStore=0x9e0698, pPrevCertContext=0x9d88d8) returned 0x0 [0296.358] CertCloseStore (hCertStore=0x9e0698, dwFlags=0x0) returned 1 [0296.358] CertFreeCRLContext (pCrlContext=0x9d88d8) returned 1 [0296.359] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0170 [0296.359] CertAddCRLLinkToStore (in: hCertStore=0x9e0170, pCrlContext=0x9d8388, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.359] CertAddCRLLinkToStore (in: hCertStore=0x9e0170, pCrlContext=0x9d88d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.360] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x571b460 [0296.361] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d88d8, pTime=0x73ebb0, hAdditionalStore=0x9e0170, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.361] LocalFree (hMem=0x571b460) returned 0x0 [0296.361] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.362] CertDuplicateCertificateContext (pCertContext=0x9d88d8) returned 0x9d88d8 [0296.446] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.446] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.446] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.447] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.447] SetLastError (dwErrCode=0x0) [0296.447] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.447] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.447] CertFreeCRLContext (pCrlContext=0x9d88d8) returned 1 [0296.448] EncryptMessage (in: phContext=0x317fdec, fQOP=0x0, pMessage=0x3181b18, MessageSeqNo=0x0 | out: pMessage=0x3181b18) returned 0x0 [0296.448] CoTaskMemAlloc (cb=0x10) returned 0x9f31f8 [0296.448] WSASend (in: s=0x74c, lpBuffers=0x9f31f8*=((len=0x33, buf=0x318030c*), (len=0x4f, buf=0x3181a28*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.449] CoTaskMemFree (pv=0x9f31f8) [0296.449] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.449] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.467] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.467] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3181c84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3181c84, pfQOP=0x0) returned 0x0 [0296.468] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.469] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.469] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.469] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3183718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3183718, pfQOP=0x0) returned 0x0 [0296.469] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.469] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.470] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3184528, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3184528, pfQOP=0x0) returned 0x0 [0296.470] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.470] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.470] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3185764, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3185764, pfQOP=0x0) returned 0x0 [0296.470] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.470] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.470] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3185878, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3185878, pfQOP=0x0) returned 0x0 [0296.471] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.471] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.471] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3187bdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3187bdc, pfQOP=0x0) returned 0x0 [0296.471] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.471] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.474] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3187cf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3187cf0, pfQOP=0x0) returned 0x0 [0296.474] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.474] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.474] DecryptMessage (in: phContext=0x317fdec, pMessage=0x3187e04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3187e04, pfQOP=0x0) returned 0x0 [0296.475] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.475] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.475] DecryptMessage (in: phContext=0x317fdec, pMessage=0x318c3a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x318c3a0, pfQOP=0x0) returned 0x0 [0296.475] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.475] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.476] DecryptMessage (in: phContext=0x317fdec, pMessage=0x318c4b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x318c4b4, pfQOP=0x0) returned 0x0 [0296.476] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.476] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.476] DecryptMessage (in: phContext=0x317fdec, pMessage=0x318c5c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x318c5c8, pfQOP=0x0) returned 0x0 [0296.476] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.476] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0296.477] DecryptMessage (in: phContext=0x317fdec, pMessage=0x318c6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x318c6e8, pfQOP=0x0) returned 0x0 [0296.477] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0296.477] recv (in: s=0x74c, buf=0x316d8a1, len=51, flags=0 | out: buf=0x316d8a1*) returned 51 [0296.477] DecryptMessage (in: phContext=0x317fdec, pMessage=0x318c7fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x318c7fc, pfQOP=0x0) returned 0x0 [0296.477] SetEvent (hEvent=0x4a8) returned 1 [0296.478] QueryContextAttributesW (in: phContext=0x317fdec, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.478] DeleteSecurityContext (phContext=0x317fdec) returned 0x0 [0296.478] shutdown (s=0x74c, how=2) returned 0 [0296.479] closesocket (s=0x74c) returned 0 [0296.484] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743423678126) returned 1 [0296.484] SetEvent (hEvent=0x4a8) returned 1 [0296.485] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.486] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.486] WSAConnect (in: s=0x74c, name=0x318fbc0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.498] closesocket (s=0x768) returned 0 [0296.499] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x318fc34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3190114, pOutput=0x31900ac, pfContextAttr=0x318ffc4, ptsExpiry=0x73ed80 | out: phNewContext=0x3190114, pOutput=0x31900ac, pfContextAttr=0x318ffc4, ptsExpiry=0x73ed80) returned 0x90312 [0296.499] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0296.499] send (s=0x74c, buf=0x3190128*, len=366, flags=0) returned 366 [0296.500] recv (in: s=0x74c, buf=0x3190128, len=5, flags=0 | out: buf=0x3190128*) returned 5 [0296.511] recv (in: s=0x74c, buf=0x319012d, len=59, flags=0 | out: buf=0x319012d*) returned 59 [0296.511] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x318fc34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x319031c, Reserved2=0x0, phNewContext=0x3190114, pOutput=0x3190330, pfContextAttr=0x318ffc4, ptsExpiry=0x73ecdc | out: phNewContext=0x3190114, pOutput=0x3190330, pfContextAttr=0x318ffc4, ptsExpiry=0x73ecdc) returned 0x90312 [0296.511] recv (in: s=0x74c, buf=0x31903c0, len=5, flags=0 | out: buf=0x31903c0*) returned 5 [0296.511] recv (in: s=0x74c, buf=0x31903d9, len=1, flags=0 | out: buf=0x31903d9*) returned 1 [0296.512] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x318fc34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x319044c, Reserved2=0x0, phNewContext=0x3190114, pOutput=0x3190460, pfContextAttr=0x318ffc4, ptsExpiry=0x73ec3c | out: phNewContext=0x3190114, pOutput=0x3190460, pfContextAttr=0x318ffc4, ptsExpiry=0x73ec3c) returned 0x90312 [0296.512] recv (in: s=0x74c, buf=0x31904f0, len=5, flags=0 | out: buf=0x31904f0*) returned 5 [0296.512] recv (in: s=0x74c, buf=0x3190509, len=40, flags=0 | out: buf=0x3190509*) returned 40 [0296.512] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x318fc34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31905a4, Reserved2=0x0, phNewContext=0x3190114, pOutput=0x31905b8, pfContextAttr=0x318ffc4, ptsExpiry=0x73eb9c | out: phNewContext=0x3190114, pOutput=0x31905b8, pfContextAttr=0x318ffc4, ptsExpiry=0x73eb9c) returned 0x0 [0296.514] FreeContextBuffer (in: pvContextBuffer=0x9d88f8 | out: pvContextBuffer=0x9d88f8) returned 0x0 [0296.514] QueryContextAttributesW (in: phContext=0x3190114, ulAttribute=0x4, pBuffer=0x3190688 | out: pBuffer=0x3190688) returned 0x0 [0296.514] QueryContextAttributesW (in: phContext=0x3190114, ulAttribute=0x5a, pBuffer=0x31906d0 | out: pBuffer=0x31906d0) returned 0x0 [0296.514] QueryContextAttributesW (in: phContext=0x3190114, ulAttribute=0x53, pBuffer=0x319071c | out: pBuffer=0x319071c) returned 0x0 [0296.515] CertDuplicateCertificateContext (pCertContext=0x9d83d8) returned 0x9d83d8 [0296.515] CertDuplicateStore (hCertStore=0x9e04b8) returned 0x9e04b8 [0296.515] CertEnumCertificatesInStore (hCertStore=0x9e04b8, pPrevCertContext=0x0) returned 0x9d85b8 [0296.516] CertDuplicateCertificateContext (pCertContext=0x9d85b8) returned 0x9d85b8 [0296.516] CertEnumCertificatesInStore (hCertStore=0x9e04b8, pPrevCertContext=0x9d85b8) returned 0x9d83d8 [0296.516] CertDuplicateCertificateContext (pCertContext=0x9d83d8) returned 0x9d83d8 [0296.516] CertEnumCertificatesInStore (hCertStore=0x9e04b8, pPrevCertContext=0x9d83d8) returned 0x0 [0296.516] CertCloseStore (hCertStore=0x9e04b8, dwFlags=0x0) returned 1 [0296.516] CertFreeCRLContext (pCrlContext=0x9d83d8) returned 1 [0296.517] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0440 [0296.517] CertAddCRLLinkToStore (in: hCertStore=0x9e0440, pCrlContext=0x9d85b8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.517] CertAddCRLLinkToStore (in: hCertStore=0x9e0440, pCrlContext=0x9d83d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.518] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x571b460 [0296.518] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d83d8, pTime=0x73ebb0, hAdditionalStore=0x9e0440, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.519] LocalFree (hMem=0x571b460) returned 0x0 [0296.519] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.520] CertDuplicateCertificateContext (pCertContext=0x9d83d8) returned 0x9d83d8 [0296.520] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.521] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.521] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.521] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.521] SetLastError (dwErrCode=0x0) [0296.521] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.521] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.522] CertFreeCRLContext (pCrlContext=0x9d83d8) returned 1 [0296.522] EncryptMessage (in: phContext=0x3190114, fQOP=0x0, pMessage=0x3191e40, MessageSeqNo=0x0 | out: pMessage=0x3191e40) returned 0x0 [0296.522] CoTaskMemAlloc (cb=0x10) returned 0x9f3150 [0296.522] WSASend (in: s=0x74c, lpBuffers=0x9f3150*=((len=0x33, buf=0x3190634*), (len=0x4f, buf=0x3191d5c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.523] CoTaskMemFree (pv=0x9f3150) [0296.523] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.523] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.543] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.544] DecryptMessage (in: phContext=0x3190114, pMessage=0x3191fac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3191fac, pfQOP=0x0) returned 0x0 [0296.544] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.544] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.544] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.545] DecryptMessage (in: phContext=0x3190114, pMessage=0x3193a40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3193a40, pfQOP=0x0) returned 0x0 [0296.545] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.545] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.545] DecryptMessage (in: phContext=0x3190114, pMessage=0x3194850, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3194850, pfQOP=0x0) returned 0x0 [0296.546] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.546] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.546] DecryptMessage (in: phContext=0x3190114, pMessage=0x3195a8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3195a8c, pfQOP=0x0) returned 0x0 [0296.546] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.546] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.546] DecryptMessage (in: phContext=0x3190114, pMessage=0x3195ba0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3195ba0, pfQOP=0x0) returned 0x0 [0296.547] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.547] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.547] DecryptMessage (in: phContext=0x3190114, pMessage=0x3197f04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3197f04, pfQOP=0x0) returned 0x0 [0296.547] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.547] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.547] DecryptMessage (in: phContext=0x3190114, pMessage=0x3198018, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3198018, pfQOP=0x0) returned 0x0 [0296.548] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.548] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.548] DecryptMessage (in: phContext=0x3190114, pMessage=0x319812c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319812c, pfQOP=0x0) returned 0x0 [0296.548] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.549] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.549] DecryptMessage (in: phContext=0x3190114, pMessage=0x319c6d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319c6d4, pfQOP=0x0) returned 0x0 [0296.549] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.549] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.549] DecryptMessage (in: phContext=0x3190114, pMessage=0x319c7e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319c7e8, pfQOP=0x0) returned 0x0 [0296.550] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.550] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.550] DecryptMessage (in: phContext=0x3190114, pMessage=0x319c8fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319c8fc, pfQOP=0x0) returned 0x0 [0296.550] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.550] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0296.550] DecryptMessage (in: phContext=0x3190114, pMessage=0x319ca10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319ca10, pfQOP=0x0) returned 0x0 [0296.551] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0296.551] recv (in: s=0x74c, buf=0x316985d, len=51, flags=0 | out: buf=0x316985d*) returned 51 [0296.551] DecryptMessage (in: phContext=0x3190114, pMessage=0x319cb24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x319cb24, pfQOP=0x0) returned 0x0 [0296.551] SetEvent (hEvent=0x4a8) returned 1 [0296.551] QueryContextAttributesW (in: phContext=0x3190114, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.552] DeleteSecurityContext (phContext=0x3190114) returned 0x0 [0296.552] shutdown (s=0x74c, how=2) returned 0 [0296.553] closesocket (s=0x74c) returned 0 [0296.558] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743431087207) returned 1 [0296.558] SetEvent (hEvent=0x4a8) returned 1 [0296.559] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.560] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.561] WSAConnect (in: s=0x74c, name=0x319fee8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.582] closesocket (s=0x768) returned 0 [0296.583] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x319ff5c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31a043c, pOutput=0x31a03d4, pfContextAttr=0x31a02ec, ptsExpiry=0x73ed80 | out: phNewContext=0x31a043c, pOutput=0x31a03d4, pfContextAttr=0x31a02ec, ptsExpiry=0x73ed80) returned 0x90312 [0296.583] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0296.583] send (s=0x74c, buf=0x31a0450*, len=366, flags=0) returned 366 [0296.584] recv (in: s=0x74c, buf=0x31a0450, len=5, flags=0 | out: buf=0x31a0450*) returned 5 [0296.593] recv (in: s=0x74c, buf=0x31a0455, len=59, flags=0 | out: buf=0x31a0455*) returned 59 [0296.593] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x319ff5c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31a0644, Reserved2=0x0, phNewContext=0x31a043c, pOutput=0x31a0658, pfContextAttr=0x31a02ec, ptsExpiry=0x73ecdc | out: phNewContext=0x31a043c, pOutput=0x31a0658, pfContextAttr=0x31a02ec, ptsExpiry=0x73ecdc) returned 0x90312 [0296.594] recv (in: s=0x74c, buf=0x31a06f4, len=5, flags=0 | out: buf=0x31a06f4*) returned 5 [0296.594] recv (in: s=0x74c, buf=0x31a070d, len=1, flags=0 | out: buf=0x31a070d*) returned 1 [0296.594] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x319ff5c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31a0780, Reserved2=0x0, phNewContext=0x31a043c, pOutput=0x31a0794, pfContextAttr=0x31a02ec, ptsExpiry=0x73ec3c | out: phNewContext=0x31a043c, pOutput=0x31a0794, pfContextAttr=0x31a02ec, ptsExpiry=0x73ec3c) returned 0x90312 [0296.595] recv (in: s=0x74c, buf=0x31a0824, len=5, flags=0 | out: buf=0x31a0824*) returned 5 [0296.595] recv (in: s=0x74c, buf=0x31a083d, len=40, flags=0 | out: buf=0x31a083d*) returned 40 [0296.595] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x319ff5c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31a08d8, Reserved2=0x0, phNewContext=0x31a043c, pOutput=0x31a08ec, pfContextAttr=0x31a02ec, ptsExpiry=0x73eb9c | out: phNewContext=0x31a043c, pOutput=0x31a08ec, pfContextAttr=0x31a02ec, ptsExpiry=0x73eb9c) returned 0x0 [0296.596] FreeContextBuffer (in: pvContextBuffer=0x9d8628 | out: pvContextBuffer=0x9d8628) returned 0x0 [0296.596] QueryContextAttributesW (in: phContext=0x31a043c, ulAttribute=0x4, pBuffer=0x31a09bc | out: pBuffer=0x31a09bc) returned 0x0 [0296.596] QueryContextAttributesW (in: phContext=0x31a043c, ulAttribute=0x5a, pBuffer=0x31a09f8 | out: pBuffer=0x31a09f8) returned 0x0 [0296.596] QueryContextAttributesW (in: phContext=0x31a043c, ulAttribute=0x53, pBuffer=0x31a0a44 | out: pBuffer=0x31a0a44) returned 0x0 [0296.661] CertDuplicateCertificateContext (pCertContext=0x9d8608) returned 0x9d8608 [0296.662] CertDuplicateStore (hCertStore=0x9e02d8) returned 0x9e02d8 [0296.662] CertEnumCertificatesInStore (hCertStore=0x9e02d8, pPrevCertContext=0x0) returned 0x9d8478 [0296.662] CertDuplicateCertificateContext (pCertContext=0x9d8478) returned 0x9d8478 [0296.662] CertEnumCertificatesInStore (hCertStore=0x9e02d8, pPrevCertContext=0x9d8478) returned 0x9d8608 [0296.663] CertDuplicateCertificateContext (pCertContext=0x9d8608) returned 0x9d8608 [0296.663] CertEnumCertificatesInStore (hCertStore=0x9e02d8, pPrevCertContext=0x9d8608) returned 0x0 [0296.663] CertCloseStore (hCertStore=0x9e02d8, dwFlags=0x0) returned 1 [0296.663] CertFreeCRLContext (pCrlContext=0x9d8608) returned 1 [0296.664] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dfae0 [0296.664] CertAddCRLLinkToStore (in: hCertStore=0x9dfae0, pCrlContext=0x9d8478, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.664] CertAddCRLLinkToStore (in: hCertStore=0x9dfae0, pCrlContext=0x9d8608, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.665] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x56ad470 [0296.665] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8608, pTime=0x73ebb0, hAdditionalStore=0x9dfae0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.665] LocalFree (hMem=0x56ad470) returned 0x0 [0296.666] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.666] CertDuplicateCertificateContext (pCertContext=0x9d8608) returned 0x9d8608 [0296.667] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.667] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.667] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.667] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.667] SetLastError (dwErrCode=0x0) [0296.667] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.668] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.668] CertFreeCRLContext (pCrlContext=0x9d8608) returned 1 [0296.669] EncryptMessage (in: phContext=0x31a043c, fQOP=0x0, pMessage=0x31a2174, MessageSeqNo=0x0 | out: pMessage=0x31a2174) returned 0x0 [0296.669] CoTaskMemAlloc (cb=0x10) returned 0x9f30a8 [0296.669] WSASend (in: s=0x74c, lpBuffers=0x9f30a8*=((len=0x33, buf=0x31a0968*), (len=0x4f, buf=0x31a2090*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.670] CoTaskMemFree (pv=0x9f30a8) [0296.670] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.670] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.692] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.692] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a22e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a22e0, pfQOP=0x0) returned 0x0 [0296.693] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.693] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.693] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.693] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a3d68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a3d68, pfQOP=0x0) returned 0x0 [0296.694] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.694] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.694] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a4b78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a4b78, pfQOP=0x0) returned 0x0 [0296.694] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.694] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.694] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a5db4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a5db4, pfQOP=0x0) returned 0x0 [0296.694] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.694] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.695] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a5ec8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a5ec8, pfQOP=0x0) returned 0x0 [0296.695] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.695] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.696] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a8238, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a8238, pfQOP=0x0) returned 0x0 [0296.696] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.696] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.696] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a834c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a834c, pfQOP=0x0) returned 0x0 [0296.696] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.696] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.697] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31a8460, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31a8460, pfQOP=0x0) returned 0x0 [0296.697] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.697] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.697] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31ac9fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ac9fc, pfQOP=0x0) returned 0x0 [0296.698] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.698] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.698] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31acb10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31acb10, pfQOP=0x0) returned 0x0 [0296.698] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.698] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.698] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31acc24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31acc24, pfQOP=0x0) returned 0x0 [0296.698] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.699] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0296.699] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31acd38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31acd38, pfQOP=0x0) returned 0x0 [0296.699] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0296.699] recv (in: s=0x74c, buf=0x3165819, len=29, flags=0 | out: buf=0x3165819*) returned 29 [0296.699] DecryptMessage (in: phContext=0x31a043c, pMessage=0x31ace4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ace4c, pfQOP=0x0) returned 0x0 [0296.699] SetEvent (hEvent=0x4a8) returned 1 [0296.700] QueryContextAttributesW (in: phContext=0x31a043c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.700] DeleteSecurityContext (phContext=0x31a043c) returned 0x0 [0296.701] shutdown (s=0x74c, how=2) returned 0 [0296.701] closesocket (s=0x74c) returned 0 [0296.707] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743445997284) returned 1 [0296.707] SetEvent (hEvent=0x4a8) returned 1 [0296.709] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.709] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.710] WSAConnect (in: s=0x74c, name=0x31b0224*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.719] closesocket (s=0x768) returned 0 [0296.720] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31b0284, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31b0770, pOutput=0x31b0708, pfContextAttr=0x31b0614, ptsExpiry=0x73ed80 | out: phNewContext=0x31b0770, pOutput=0x31b0708, pfContextAttr=0x31b0614, ptsExpiry=0x73ed80) returned 0x90312 [0296.721] FreeContextBuffer (in: pvContextBuffer=0x5726a68 | out: pvContextBuffer=0x5726a68) returned 0x0 [0296.721] send (s=0x74c, buf=0x31b0784*, len=366, flags=0) returned 366 [0296.721] recv (in: s=0x74c, buf=0x31b0784, len=5, flags=0 | out: buf=0x31b0784*) returned 5 [0296.732] recv (in: s=0x74c, buf=0x31b0789, len=59, flags=0 | out: buf=0x31b0789*) returned 59 [0296.732] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31b0284, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31b0978, Reserved2=0x0, phNewContext=0x31b0770, pOutput=0x31b098c, pfContextAttr=0x31b0614, ptsExpiry=0x73ecdc | out: phNewContext=0x31b0770, pOutput=0x31b098c, pfContextAttr=0x31b0614, ptsExpiry=0x73ecdc) returned 0x90312 [0296.732] recv (in: s=0x74c, buf=0x31b0a1c, len=5, flags=0 | out: buf=0x31b0a1c*) returned 5 [0296.732] recv (in: s=0x74c, buf=0x31b0a35, len=1, flags=0 | out: buf=0x31b0a35*) returned 1 [0296.733] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31b0284, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31b0aa8, Reserved2=0x0, phNewContext=0x31b0770, pOutput=0x31b0abc, pfContextAttr=0x31b0614, ptsExpiry=0x73ec3c | out: phNewContext=0x31b0770, pOutput=0x31b0abc, pfContextAttr=0x31b0614, ptsExpiry=0x73ec3c) returned 0x90312 [0296.733] recv (in: s=0x74c, buf=0x31b0b4c, len=5, flags=0 | out: buf=0x31b0b4c*) returned 5 [0296.733] recv (in: s=0x74c, buf=0x31b0b65, len=40, flags=0 | out: buf=0x31b0b65*) returned 40 [0296.733] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31b0284, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31b0c00, Reserved2=0x0, phNewContext=0x31b0770, pOutput=0x31b0c14, pfContextAttr=0x31b0614, ptsExpiry=0x73eb9c | out: phNewContext=0x31b0770, pOutput=0x31b0c14, pfContextAttr=0x31b0614, ptsExpiry=0x73eb9c) returned 0x0 [0296.734] FreeContextBuffer (in: pvContextBuffer=0x9d8768 | out: pvContextBuffer=0x9d8768) returned 0x0 [0296.734] QueryContextAttributesW (in: phContext=0x31b0770, ulAttribute=0x4, pBuffer=0x31b0ce4 | out: pBuffer=0x31b0ce4) returned 0x0 [0296.734] QueryContextAttributesW (in: phContext=0x31b0770, ulAttribute=0x5a, pBuffer=0x31b0d20 | out: pBuffer=0x31b0d20) returned 0x0 [0296.735] QueryContextAttributesW (in: phContext=0x31b0770, ulAttribute=0x53, pBuffer=0x31b0d6c | out: pBuffer=0x31b0d6c) returned 0x0 [0296.735] CertDuplicateCertificateContext (pCertContext=0x9d8298) returned 0x9d8298 [0296.736] CertDuplicateStore (hCertStore=0x9dfe28) returned 0x9dfe28 [0296.736] CertEnumCertificatesInStore (hCertStore=0x9dfe28, pPrevCertContext=0x0) returned 0x9d8428 [0296.736] CertDuplicateCertificateContext (pCertContext=0x9d8428) returned 0x9d8428 [0296.736] CertEnumCertificatesInStore (hCertStore=0x9dfe28, pPrevCertContext=0x9d8428) returned 0x9d8298 [0296.737] CertDuplicateCertificateContext (pCertContext=0x9d8298) returned 0x9d8298 [0296.737] CertEnumCertificatesInStore (hCertStore=0x9dfe28, pPrevCertContext=0x9d8298) returned 0x0 [0296.737] CertCloseStore (hCertStore=0x9dfe28, dwFlags=0x0) returned 1 [0296.737] CertFreeCRLContext (pCrlContext=0x9d8298) returned 1 [0296.739] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dfa68 [0296.739] CertAddCRLLinkToStore (in: hCertStore=0x9dfa68, pCrlContext=0x9d8428, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.740] CertAddCRLLinkToStore (in: hCertStore=0x9dfa68, pCrlContext=0x9d8298, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.740] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92f968 [0296.740] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8298, pTime=0x73ebb0, hAdditionalStore=0x9dfa68, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.741] LocalFree (hMem=0x92f968) returned 0x0 [0296.741] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.741] CertDuplicateCertificateContext (pCertContext=0x9d8298) returned 0x9d8298 [0296.742] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.742] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.742] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.743] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.743] SetLastError (dwErrCode=0x0) [0296.743] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.744] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.744] CertFreeCRLContext (pCrlContext=0x9d8298) returned 1 [0296.744] EncryptMessage (in: phContext=0x31b0770, fQOP=0x0, pMessage=0x31b249c, MessageSeqNo=0x0 | out: pMessage=0x31b249c) returned 0x0 [0296.745] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0296.745] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x31b0c90*), (len=0x4f, buf=0x31b23b8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.745] CoTaskMemFree (pv=0x9f3120) [0296.745] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.745] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.769] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.769] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b2608, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b2608, pfQOP=0x0) returned 0x0 [0296.770] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.770] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.770] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.770] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b409c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b409c, pfQOP=0x0) returned 0x0 [0296.771] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.771] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.771] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b4ea0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b4ea0, pfQOP=0x0) returned 0x0 [0296.771] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.772] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.772] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b60e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b60e8, pfQOP=0x0) returned 0x0 [0296.772] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.772] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.772] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b61fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b61fc, pfQOP=0x0) returned 0x0 [0296.773] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.773] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.773] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b8560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b8560, pfQOP=0x0) returned 0x0 [0296.773] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.773] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.773] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b8674, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b8674, pfQOP=0x0) returned 0x0 [0296.773] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.774] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.774] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31b8788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31b8788, pfQOP=0x0) returned 0x0 [0296.774] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.774] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.774] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31bcd24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31bcd24, pfQOP=0x0) returned 0x0 [0296.775] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.775] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.775] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31bce38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31bce38, pfQOP=0x0) returned 0x0 [0296.775] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.775] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.775] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31bcf4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31bcf4c, pfQOP=0x0) returned 0x0 [0296.775] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.776] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0296.776] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31bd060, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31bd060, pfQOP=0x0) returned 0x0 [0296.776] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0296.776] recv (in: s=0x74c, buf=0x31617d5, len=29, flags=0 | out: buf=0x31617d5*) returned 29 [0296.776] DecryptMessage (in: phContext=0x31b0770, pMessage=0x31bd174, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31bd174, pfQOP=0x0) returned 0x0 [0296.776] SetEvent (hEvent=0x4a8) returned 1 [0296.777] QueryContextAttributesW (in: phContext=0x31b0770, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.778] DeleteSecurityContext (phContext=0x31b0770) returned 0x0 [0296.778] shutdown (s=0x74c, how=2) returned 0 [0296.779] closesocket (s=0x74c) returned 0 [0296.787] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743453970887) returned 1 [0296.787] SetEvent (hEvent=0x4a8) returned 1 [0296.788] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.789] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.789] WSAConnect (in: s=0x74c, name=0x31c054c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.799] closesocket (s=0x768) returned 0 [0296.801] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31c05ac, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31c0a98, pOutput=0x31c0a30, pfContextAttr=0x31c0948, ptsExpiry=0x73ed80 | out: phNewContext=0x31c0a98, pOutput=0x31c0a30, pfContextAttr=0x31c0948, ptsExpiry=0x73ed80) returned 0x90312 [0296.801] FreeContextBuffer (in: pvContextBuffer=0x57265d0 | out: pvContextBuffer=0x57265d0) returned 0x0 [0296.801] send (s=0x74c, buf=0x31c0aac*, len=366, flags=0) returned 366 [0296.802] recv (in: s=0x74c, buf=0x31c0aac, len=5, flags=0 | out: buf=0x31c0aac*) returned 5 [0296.812] recv (in: s=0x74c, buf=0x31c0ab1, len=59, flags=0 | out: buf=0x31c0ab1*) returned 59 [0296.812] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31c05ac, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31c0ca0, Reserved2=0x0, phNewContext=0x31c0a98, pOutput=0x31c0cb4, pfContextAttr=0x31c0948, ptsExpiry=0x73ecdc | out: phNewContext=0x31c0a98, pOutput=0x31c0cb4, pfContextAttr=0x31c0948, ptsExpiry=0x73ecdc) returned 0x90312 [0296.812] recv (in: s=0x74c, buf=0x31c0d44, len=5, flags=0 | out: buf=0x31c0d44*) returned 5 [0296.812] recv (in: s=0x74c, buf=0x31c0d5d, len=1, flags=0 | out: buf=0x31c0d5d*) returned 1 [0296.813] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31c05ac, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31c0dd0, Reserved2=0x0, phNewContext=0x31c0a98, pOutput=0x31c0de4, pfContextAttr=0x31c0948, ptsExpiry=0x73ec3c | out: phNewContext=0x31c0a98, pOutput=0x31c0de4, pfContextAttr=0x31c0948, ptsExpiry=0x73ec3c) returned 0x90312 [0296.813] recv (in: s=0x74c, buf=0x31c0e74, len=5, flags=0 | out: buf=0x31c0e74*) returned 5 [0296.813] recv (in: s=0x74c, buf=0x31c0e8d, len=40, flags=0 | out: buf=0x31c0e8d*) returned 40 [0296.813] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31c05ac, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31c0f28, Reserved2=0x0, phNewContext=0x31c0a98, pOutput=0x31c0f3c, pfContextAttr=0x31c0948, ptsExpiry=0x73eb9c | out: phNewContext=0x31c0a98, pOutput=0x31c0f3c, pfContextAttr=0x31c0948, ptsExpiry=0x73eb9c) returned 0x0 [0296.814] FreeContextBuffer (in: pvContextBuffer=0x9d8858 | out: pvContextBuffer=0x9d8858) returned 0x0 [0296.815] QueryContextAttributesW (in: phContext=0x31c0a98, ulAttribute=0x4, pBuffer=0x31c100c | out: pBuffer=0x31c100c) returned 0x0 [0296.815] QueryContextAttributesW (in: phContext=0x31c0a98, ulAttribute=0x5a, pBuffer=0x31c1048 | out: pBuffer=0x31c1048) returned 0x0 [0296.815] QueryContextAttributesW (in: phContext=0x31c0a98, ulAttribute=0x53, pBuffer=0x31c1094 | out: pBuffer=0x31c1094) returned 0x0 [0296.816] CertDuplicateCertificateContext (pCertContext=0x9d84c8) returned 0x9d84c8 [0296.817] CertDuplicateStore (hCertStore=0x9e0350) returned 0x9e0350 [0296.817] CertEnumCertificatesInStore (hCertStore=0x9e0350, pPrevCertContext=0x0) returned 0x9d8518 [0296.817] CertDuplicateCertificateContext (pCertContext=0x9d8518) returned 0x9d8518 [0296.818] CertEnumCertificatesInStore (hCertStore=0x9e0350, pPrevCertContext=0x9d8518) returned 0x9d84c8 [0296.818] CertDuplicateCertificateContext (pCertContext=0x9d84c8) returned 0x9d84c8 [0296.818] CertEnumCertificatesInStore (hCertStore=0x9e0350, pPrevCertContext=0x9d84c8) returned 0x0 [0296.818] CertCloseStore (hCertStore=0x9e0350, dwFlags=0x0) returned 1 [0296.818] CertFreeCRLContext (pCrlContext=0x9d84c8) returned 1 [0296.819] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e03c8 [0296.819] CertAddCRLLinkToStore (in: hCertStore=0x9e03c8, pCrlContext=0x9d8518, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.819] CertAddCRLLinkToStore (in: hCertStore=0x9e03c8, pCrlContext=0x9d84c8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.820] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92f888 [0296.820] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d84c8, pTime=0x73ebb0, hAdditionalStore=0x9e03c8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.820] LocalFree (hMem=0x92f888) returned 0x0 [0296.821] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.821] CertDuplicateCertificateContext (pCertContext=0x9d84c8) returned 0x9d84c8 [0296.822] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.822] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.822] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.822] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.822] SetLastError (dwErrCode=0x0) [0296.822] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.824] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.824] CertFreeCRLContext (pCrlContext=0x9d84c8) returned 1 [0296.824] EncryptMessage (in: phContext=0x31c0a98, fQOP=0x0, pMessage=0x31c27c4, MessageSeqNo=0x0 | out: pMessage=0x31c27c4) returned 0x0 [0296.824] CoTaskMemAlloc (cb=0x10) returned 0x9f2fb8 [0296.824] WSASend (in: s=0x74c, lpBuffers=0x9f2fb8*=((len=0x33, buf=0x31c0fb8*), (len=0x4f, buf=0x31c26e0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.825] CoTaskMemFree (pv=0x9f2fb8) [0296.825] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.825] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.841] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.841] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c2930, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c2930, pfQOP=0x0) returned 0x0 [0296.842] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.842] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.842] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.842] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c43c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c43c4, pfQOP=0x0) returned 0x0 [0296.843] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.843] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.843] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c51c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c51c8, pfQOP=0x0) returned 0x0 [0296.844] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.844] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.844] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c6410, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c6410, pfQOP=0x0) returned 0x0 [0296.844] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.844] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.844] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c6524, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c6524, pfQOP=0x0) returned 0x0 [0296.845] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.845] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.845] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c8888, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c8888, pfQOP=0x0) returned 0x0 [0296.846] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.846] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.846] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c899c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c899c, pfQOP=0x0) returned 0x0 [0296.846] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.846] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.846] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31c8ab0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31c8ab0, pfQOP=0x0) returned 0x0 [0296.848] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.848] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.848] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31cd04c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31cd04c, pfQOP=0x0) returned 0x0 [0296.848] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.848] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.849] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31cd160, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31cd160, pfQOP=0x0) returned 0x0 [0296.849] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.849] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.849] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31cd274, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31cd274, pfQOP=0x0) returned 0x0 [0296.849] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.849] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0296.850] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31cd388, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31cd388, pfQOP=0x0) returned 0x0 [0296.850] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0296.850] recv (in: s=0x74c, buf=0x315d791, len=51, flags=0 | out: buf=0x315d791*) returned 51 [0296.850] DecryptMessage (in: phContext=0x31c0a98, pMessage=0x31cd49c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31cd49c, pfQOP=0x0) returned 0x0 [0296.850] SetEvent (hEvent=0x4a8) returned 1 [0296.851] QueryContextAttributesW (in: phContext=0x31c0a98, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.851] DeleteSecurityContext (phContext=0x31c0a98) returned 0x0 [0296.852] shutdown (s=0x74c, how=2) returned 0 [0296.852] closesocket (s=0x74c) returned 0 [0296.859] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743461178263) returned 1 [0296.859] SetEvent (hEvent=0x4a8) returned 1 [0296.861] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.862] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.866] WSAConnect (in: s=0x74c, name=0x31d0880*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.876] closesocket (s=0x768) returned 0 [0296.877] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31d08e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31d0dc0, pOutput=0x31d0d58, pfContextAttr=0x31d0c70, ptsExpiry=0x73ed80 | out: phNewContext=0x31d0dc0, pOutput=0x31d0d58, pfContextAttr=0x31d0c70, ptsExpiry=0x73ed80) returned 0x90312 [0296.878] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0296.878] send (s=0x74c, buf=0x31d0dd4*, len=366, flags=0) returned 366 [0296.879] recv (in: s=0x74c, buf=0x31d0dd4, len=5, flags=0 | out: buf=0x31d0dd4*) returned 5 [0296.889] recv (in: s=0x74c, buf=0x31d0dd9, len=59, flags=0 | out: buf=0x31d0dd9*) returned 59 [0296.890] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31d08e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31d0fc8, Reserved2=0x0, phNewContext=0x31d0dc0, pOutput=0x31d0fdc, pfContextAttr=0x31d0c70, ptsExpiry=0x73ecdc | out: phNewContext=0x31d0dc0, pOutput=0x31d0fdc, pfContextAttr=0x31d0c70, ptsExpiry=0x73ecdc) returned 0x90312 [0296.890] recv (in: s=0x74c, buf=0x31d106c, len=5, flags=0 | out: buf=0x31d106c*) returned 5 [0296.890] recv (in: s=0x74c, buf=0x31d1085, len=1, flags=0 | out: buf=0x31d1085*) returned 1 [0296.891] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31d08e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31d10f8, Reserved2=0x0, phNewContext=0x31d0dc0, pOutput=0x31d110c, pfContextAttr=0x31d0c70, ptsExpiry=0x73ec3c | out: phNewContext=0x31d0dc0, pOutput=0x31d110c, pfContextAttr=0x31d0c70, ptsExpiry=0x73ec3c) returned 0x90312 [0296.910] recv (in: s=0x74c, buf=0x31d119c, len=5, flags=0 | out: buf=0x31d119c*) returned 5 [0296.910] recv (in: s=0x74c, buf=0x31d11b5, len=40, flags=0 | out: buf=0x31d11b5*) returned 40 [0296.911] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31d08e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31d1250, Reserved2=0x0, phNewContext=0x31d0dc0, pOutput=0x31d1264, pfContextAttr=0x31d0c70, ptsExpiry=0x73eb9c | out: phNewContext=0x31d0dc0, pOutput=0x31d1264, pfContextAttr=0x31d0c70, ptsExpiry=0x73eb9c) returned 0x0 [0296.912] FreeContextBuffer (in: pvContextBuffer=0x9d86c8 | out: pvContextBuffer=0x9d86c8) returned 0x0 [0296.912] QueryContextAttributesW (in: phContext=0x31d0dc0, ulAttribute=0x4, pBuffer=0x31d1334 | out: pBuffer=0x31d1334) returned 0x0 [0296.912] QueryContextAttributesW (in: phContext=0x31d0dc0, ulAttribute=0x5a, pBuffer=0x31d1370 | out: pBuffer=0x31d1370) returned 0x0 [0296.913] QueryContextAttributesW (in: phContext=0x31d0dc0, ulAttribute=0x53, pBuffer=0x31d13bc | out: pBuffer=0x31d13bc) returned 0x0 [0296.913] CertDuplicateCertificateContext (pCertContext=0x9d82e8) returned 0x9d82e8 [0296.914] CertDuplicateStore (hCertStore=0x9dfc48) returned 0x9dfc48 [0296.914] CertEnumCertificatesInStore (hCertStore=0x9dfc48, pPrevCertContext=0x0) returned 0x9d86f8 [0296.915] CertDuplicateCertificateContext (pCertContext=0x9d86f8) returned 0x9d86f8 [0296.915] CertEnumCertificatesInStore (hCertStore=0x9dfc48, pPrevCertContext=0x9d86f8) returned 0x9d82e8 [0296.915] CertDuplicateCertificateContext (pCertContext=0x9d82e8) returned 0x9d82e8 [0296.915] CertEnumCertificatesInStore (hCertStore=0x9dfc48, pPrevCertContext=0x9d82e8) returned 0x0 [0296.915] CertCloseStore (hCertStore=0x9dfc48, dwFlags=0x0) returned 1 [0296.915] CertFreeCRLContext (pCrlContext=0x9d82e8) returned 1 [0296.916] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0710 [0296.917] CertAddCRLLinkToStore (in: hCertStore=0x9e0710, pCrlContext=0x9d86f8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.917] CertAddCRLLinkToStore (in: hCertStore=0x9e0710, pCrlContext=0x9d82e8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0296.918] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92f788 [0296.918] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d82e8, pTime=0x73ebb0, hAdditionalStore=0x9e0710, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0296.918] LocalFree (hMem=0x92f788) returned 0x0 [0296.919] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0296.919] CertDuplicateCertificateContext (pCertContext=0x9d82e8) returned 0x9d82e8 [0296.920] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0296.921] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0296.921] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.921] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0296.921] SetLastError (dwErrCode=0x0) [0296.921] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0296.922] CertFreeCertificateChain (pChainContext=0x9a8958) [0296.923] CertFreeCRLContext (pCrlContext=0x9d82e8) returned 1 [0296.924] EncryptMessage (in: phContext=0x31d0dc0, fQOP=0x0, pMessage=0x31d2aec, MessageSeqNo=0x0 | out: pMessage=0x31d2aec) returned 0x0 [0296.924] CoTaskMemAlloc (cb=0x10) returned 0x9f31c8 [0296.924] WSASend (in: s=0x74c, lpBuffers=0x9f31c8*=((len=0x33, buf=0x31d12e0*), (len=0x4f, buf=0x31d2a08*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0296.925] CoTaskMemFree (pv=0x9f31c8) [0296.925] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0296.925] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.954] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.954] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d2c58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d2c58, pfQOP=0x0) returned 0x0 [0296.955] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0296.956] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.956] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.956] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d46ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d46ec, pfQOP=0x0) returned 0x0 [0296.956] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.957] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.957] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d54f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d54f0, pfQOP=0x0) returned 0x0 [0296.957] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.957] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.958] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d6738, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d6738, pfQOP=0x0) returned 0x0 [0296.958] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.958] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.958] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d684c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d684c, pfQOP=0x0) returned 0x0 [0296.959] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.959] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.959] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d8bb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d8bb0, pfQOP=0x0) returned 0x0 [0296.959] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.959] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.960] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d8cc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d8cc4, pfQOP=0x0) returned 0x0 [0296.960] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.960] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.960] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31d8dd8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31d8dd8, pfQOP=0x0) returned 0x0 [0296.961] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.961] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.961] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31dd374, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31dd374, pfQOP=0x0) returned 0x0 [0296.961] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.962] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.962] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31dd488, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31dd488, pfQOP=0x0) returned 0x0 [0296.962] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.962] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.962] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31dd59c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31dd59c, pfQOP=0x0) returned 0x0 [0296.962] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.963] recv (in: s=0x74c, buf=0x315974d, len=1393, flags=0 | out: buf=0x315974d*) returned 1393 [0296.963] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31dd6b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31dd6b0, pfQOP=0x0) returned 0x0 [0296.963] recv (in: s=0x74c, buf=0x3159748, len=5, flags=0 | out: buf=0x3159748*) returned 5 [0296.963] recv (in: s=0x74c, buf=0x315974d, len=29, flags=0 | out: buf=0x315974d*) returned 29 [0296.963] DecryptMessage (in: phContext=0x31d0dc0, pMessage=0x31dd7c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31dd7c4, pfQOP=0x0) returned 0x0 [0296.964] SetEvent (hEvent=0x4a8) returned 1 [0296.964] QueryContextAttributesW (in: phContext=0x31d0dc0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0296.966] DeleteSecurityContext (phContext=0x31d0dc0) returned 0x0 [0296.967] shutdown (s=0x74c, how=2) returned 0 [0296.968] closesocket (s=0x74c) returned 0 [0296.976] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743472879214) returned 1 [0296.976] SetEvent (hEvent=0x4a8) returned 1 [0296.978] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0296.979] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0296.980] WSAConnect (in: s=0x74c, name=0x31e0ba8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0296.992] closesocket (s=0x768) returned 0 [0296.993] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31e0c08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31e10e8, pOutput=0x31e1080, pfContextAttr=0x31e0f98, ptsExpiry=0x73ed80 | out: phNewContext=0x31e10e8, pOutput=0x31e1080, pfContextAttr=0x31e0f98, ptsExpiry=0x73ed80) returned 0x90312 [0296.994] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0296.994] send (s=0x74c, buf=0x31e10fc*, len=366, flags=0) returned 366 [0296.994] recv (in: s=0x74c, buf=0x31e10fc, len=5, flags=0 | out: buf=0x31e10fc*) returned 5 [0297.002] recv (in: s=0x74c, buf=0x31e1101, len=59, flags=0 | out: buf=0x31e1101*) returned 59 [0297.003] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31e0c08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31e12f0, Reserved2=0x0, phNewContext=0x31e10e8, pOutput=0x31e1304, pfContextAttr=0x31e0f98, ptsExpiry=0x73ecdc | out: phNewContext=0x31e10e8, pOutput=0x31e1304, pfContextAttr=0x31e0f98, ptsExpiry=0x73ecdc) returned 0x90312 [0297.004] recv (in: s=0x74c, buf=0x31e1394, len=5, flags=0 | out: buf=0x31e1394*) returned 5 [0297.004] recv (in: s=0x74c, buf=0x31e13ad, len=1, flags=0 | out: buf=0x31e13ad*) returned 1 [0297.004] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31e0c08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31e1420, Reserved2=0x0, phNewContext=0x31e10e8, pOutput=0x31e1434, pfContextAttr=0x31e0f98, ptsExpiry=0x73ec3c | out: phNewContext=0x31e10e8, pOutput=0x31e1434, pfContextAttr=0x31e0f98, ptsExpiry=0x73ec3c) returned 0x90312 [0297.005] recv (in: s=0x74c, buf=0x31e14c4, len=5, flags=0 | out: buf=0x31e14c4*) returned 5 [0297.005] recv (in: s=0x74c, buf=0x31e14dd, len=40, flags=0 | out: buf=0x31e14dd*) returned 40 [0297.005] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31e0c08, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31e1578, Reserved2=0x0, phNewContext=0x31e10e8, pOutput=0x31e158c, pfContextAttr=0x31e0f98, ptsExpiry=0x73eb9c | out: phNewContext=0x31e10e8, pOutput=0x31e158c, pfContextAttr=0x31e0f98, ptsExpiry=0x73eb9c) returned 0x0 [0297.007] FreeContextBuffer (in: pvContextBuffer=0x9d8768 | out: pvContextBuffer=0x9d8768) returned 0x0 [0297.007] QueryContextAttributesW (in: phContext=0x31e10e8, ulAttribute=0x4, pBuffer=0x31e165c | out: pBuffer=0x31e165c) returned 0x0 [0297.007] QueryContextAttributesW (in: phContext=0x31e10e8, ulAttribute=0x5a, pBuffer=0x31e1698 | out: pBuffer=0x31e1698) returned 0x0 [0297.007] QueryContextAttributesW (in: phContext=0x31e10e8, ulAttribute=0x53, pBuffer=0x31e16e4 | out: pBuffer=0x31e16e4) returned 0x0 [0297.008] CertDuplicateCertificateContext (pCertContext=0x9d8a68) returned 0x9d8a68 [0297.008] CertDuplicateStore (hCertStore=0x9e0530) returned 0x9e0530 [0297.009] CertEnumCertificatesInStore (hCertStore=0x9e0530, pPrevCertContext=0x0) returned 0x9d8798 [0297.009] CertDuplicateCertificateContext (pCertContext=0x9d8798) returned 0x9d8798 [0297.009] CertEnumCertificatesInStore (hCertStore=0x9e0530, pPrevCertContext=0x9d8798) returned 0x9d8a68 [0297.010] CertDuplicateCertificateContext (pCertContext=0x9d8a68) returned 0x9d8a68 [0297.010] CertEnumCertificatesInStore (hCertStore=0x9e0530, pPrevCertContext=0x9d8a68) returned 0x0 [0297.010] CertCloseStore (hCertStore=0x9e0530, dwFlags=0x0) returned 1 [0297.010] CertFreeCRLContext (pCrlContext=0x9d8a68) returned 1 [0297.011] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0080 [0297.011] CertAddCRLLinkToStore (in: hCertStore=0x9e0080, pCrlContext=0x9d8798, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.012] CertAddCRLLinkToStore (in: hCertStore=0x9e0080, pCrlContext=0x9d8a68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.012] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92f7c8 [0297.013] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8a68, pTime=0x73ebb0, hAdditionalStore=0x9e0080, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0297.013] LocalFree (hMem=0x92f7c8) returned 0x0 [0297.014] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0297.014] CertDuplicateCertificateContext (pCertContext=0x9d8a68) returned 0x9d8a68 [0297.016] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0297.017] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0297.017] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.017] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0297.017] SetLastError (dwErrCode=0x0) [0297.017] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0297.017] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.018] CertFreeCRLContext (pCrlContext=0x9d8a68) returned 1 [0297.018] EncryptMessage (in: phContext=0x31e10e8, fQOP=0x0, pMessage=0x31e2e14, MessageSeqNo=0x0 | out: pMessage=0x31e2e14) returned 0x0 [0297.018] CoTaskMemAlloc (cb=0x10) returned 0x9f31f8 [0297.019] WSASend (in: s=0x74c, lpBuffers=0x9f31f8*=((len=0x33, buf=0x31e1608*), (len=0x4f, buf=0x31e2d30*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0297.020] CoTaskMemFree (pv=0x9f31f8) [0297.020] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0297.020] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.039] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.039] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e2f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e2f80, pfQOP=0x0) returned 0x0 [0297.040] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.040] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.040] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.041] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e4a14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e4a14, pfQOP=0x0) returned 0x0 [0297.041] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.041] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.041] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e5818, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e5818, pfQOP=0x0) returned 0x0 [0297.042] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.042] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.042] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e6a60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e6a60, pfQOP=0x0) returned 0x0 [0297.042] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.042] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.043] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e6b74, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e6b74, pfQOP=0x0) returned 0x0 [0297.043] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.043] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.044] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e8ed8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e8ed8, pfQOP=0x0) returned 0x0 [0297.044] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.044] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.044] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e8fec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e8fec, pfQOP=0x0) returned 0x0 [0297.044] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.045] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.045] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31e9100, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31e9100, pfQOP=0x0) returned 0x0 [0297.045] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.046] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.046] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31ed69c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ed69c, pfQOP=0x0) returned 0x0 [0297.046] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.046] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.046] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31ed7b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ed7b0, pfQOP=0x0) returned 0x0 [0297.047] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.047] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.047] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31ed8c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ed8c4, pfQOP=0x0) returned 0x0 [0297.047] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.047] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0297.047] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31ed9d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31ed9d8, pfQOP=0x0) returned 0x0 [0297.048] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0297.048] recv (in: s=0x74c, buf=0x3155709, len=29, flags=0 | out: buf=0x3155709*) returned 29 [0297.048] DecryptMessage (in: phContext=0x31e10e8, pMessage=0x31edaec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31edaec, pfQOP=0x0) returned 0x0 [0297.048] SetEvent (hEvent=0x4a8) returned 1 [0297.048] QueryContextAttributesW (in: phContext=0x31e10e8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0297.049] DeleteSecurityContext (phContext=0x31e10e8) returned 0x0 [0297.052] shutdown (s=0x74c, how=2) returned 0 [0297.052] closesocket (s=0x74c) returned 0 [0297.059] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743481176093) returned 1 [0297.059] SetEvent (hEvent=0x4a8) returned 1 [0297.061] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0297.062] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0297.063] WSAConnect (in: s=0x74c, name=0x31f0ed0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0297.113] closesocket (s=0x768) returned 0 [0297.114] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x31f0f30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x31f1410, pOutput=0x31f13a8, pfContextAttr=0x31f12c0, ptsExpiry=0x73ed80 | out: phNewContext=0x31f1410, pOutput=0x31f13a8, pfContextAttr=0x31f12c0, ptsExpiry=0x73ed80) returned 0x90312 [0297.115] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0297.115] send (s=0x74c, buf=0x31f1424*, len=366, flags=0) returned 366 [0297.117] recv (in: s=0x74c, buf=0x31f1424, len=5, flags=0 | out: buf=0x31f1424*) returned 5 [0297.142] recv (in: s=0x74c, buf=0x31f1429, len=59, flags=0 | out: buf=0x31f1429*) returned 59 [0297.143] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x31f0f30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31f1618, Reserved2=0x0, phNewContext=0x31f1410, pOutput=0x31f162c, pfContextAttr=0x31f12c0, ptsExpiry=0x73ecdc | out: phNewContext=0x31f1410, pOutput=0x31f162c, pfContextAttr=0x31f12c0, ptsExpiry=0x73ecdc) returned 0x90312 [0297.143] recv (in: s=0x74c, buf=0x31f16bc, len=5, flags=0 | out: buf=0x31f16bc*) returned 5 [0297.143] recv (in: s=0x74c, buf=0x31f16d5, len=1, flags=0 | out: buf=0x31f16d5*) returned 1 [0297.223] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x31f0f30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31f1748, Reserved2=0x0, phNewContext=0x31f1410, pOutput=0x31f175c, pfContextAttr=0x31f12c0, ptsExpiry=0x73ec3c | out: phNewContext=0x31f1410, pOutput=0x31f175c, pfContextAttr=0x31f12c0, ptsExpiry=0x73ec3c) returned 0x90312 [0297.224] recv (in: s=0x74c, buf=0x31f17ec, len=5, flags=0 | out: buf=0x31f17ec*) returned 5 [0297.224] recv (in: s=0x74c, buf=0x31f1805, len=40, flags=0 | out: buf=0x31f1805*) returned 40 [0297.224] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x31f0f30, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x31f18a0, Reserved2=0x0, phNewContext=0x31f1410, pOutput=0x31f18b4, pfContextAttr=0x31f12c0, ptsExpiry=0x73eb9c | out: phNewContext=0x31f1410, pOutput=0x31f18b4, pfContextAttr=0x31f12c0, ptsExpiry=0x73eb9c) returned 0x0 [0297.225] FreeContextBuffer (in: pvContextBuffer=0x9d8a88 | out: pvContextBuffer=0x9d8a88) returned 0x0 [0297.225] QueryContextAttributesW (in: phContext=0x31f1410, ulAttribute=0x4, pBuffer=0x31f1984 | out: pBuffer=0x31f1984) returned 0x0 [0297.225] QueryContextAttributesW (in: phContext=0x31f1410, ulAttribute=0x5a, pBuffer=0x31f19c0 | out: pBuffer=0x31f19c0) returned 0x0 [0297.225] QueryContextAttributesW (in: phContext=0x31f1410, ulAttribute=0x53, pBuffer=0x31f1a0c | out: pBuffer=0x31f1a0c) returned 0x0 [0297.226] CertDuplicateCertificateContext (pCertContext=0x9d8928) returned 0x9d8928 [0297.226] CertDuplicateStore (hCertStore=0x9e0788) returned 0x9e0788 [0297.226] CertEnumCertificatesInStore (hCertStore=0x9e0788, pPrevCertContext=0x0) returned 0x9d8ab8 [0297.227] CertDuplicateCertificateContext (pCertContext=0x9d8ab8) returned 0x9d8ab8 [0297.227] CertEnumCertificatesInStore (hCertStore=0x9e0788, pPrevCertContext=0x9d8ab8) returned 0x9d8928 [0297.227] CertDuplicateCertificateContext (pCertContext=0x9d8928) returned 0x9d8928 [0297.227] CertEnumCertificatesInStore (hCertStore=0x9e0788, pPrevCertContext=0x9d8928) returned 0x0 [0297.227] CertCloseStore (hCertStore=0x9e0788, dwFlags=0x0) returned 1 [0297.228] CertFreeCRLContext (pCrlContext=0x9d8928) returned 1 [0297.228] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e0800 [0297.229] CertAddCRLLinkToStore (in: hCertStore=0x9e0800, pCrlContext=0x9d8ab8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.229] CertAddCRLLinkToStore (in: hCertStore=0x9e0800, pCrlContext=0x9d8928, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.231] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92fa88 [0297.231] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8928, pTime=0x73ebb0, hAdditionalStore=0x9e0800, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0297.231] LocalFree (hMem=0x92fa88) returned 0x0 [0297.231] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0297.232] CertDuplicateCertificateContext (pCertContext=0x9d8928) returned 0x9d8928 [0297.232] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0297.233] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0297.233] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.233] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0297.233] SetLastError (dwErrCode=0x0) [0297.233] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0297.234] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.234] CertFreeCRLContext (pCrlContext=0x9d8928) returned 1 [0297.234] EncryptMessage (in: phContext=0x31f1410, fQOP=0x0, pMessage=0x31f313c, MessageSeqNo=0x0 | out: pMessage=0x31f313c) returned 0x0 [0297.234] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0297.234] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x31f1930*), (len=0x4f, buf=0x31f3058*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0297.235] CoTaskMemFree (pv=0x9f3120) [0297.235] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0297.235] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.255] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.255] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f32a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f32a8, pfQOP=0x0) returned 0x0 [0297.256] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.256] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.256] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.256] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f4d3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f4d3c, pfQOP=0x0) returned 0x0 [0297.256] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.257] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.257] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f5b40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f5b40, pfQOP=0x0) returned 0x0 [0297.257] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.257] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.258] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f6d88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f6d88, pfQOP=0x0) returned 0x0 [0297.258] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.258] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.258] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f6e9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f6e9c, pfQOP=0x0) returned 0x0 [0297.258] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.259] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.259] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f9200, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f9200, pfQOP=0x0) returned 0x0 [0297.259] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.259] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.259] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f9314, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f9314, pfQOP=0x0) returned 0x0 [0297.259] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.259] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.259] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31f9428, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31f9428, pfQOP=0x0) returned 0x0 [0297.260] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.260] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.260] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31fd9c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31fd9c4, pfQOP=0x0) returned 0x0 [0297.260] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.261] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.261] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31fdad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31fdad8, pfQOP=0x0) returned 0x0 [0297.261] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.261] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.261] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31fdbec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31fdbec, pfQOP=0x0) returned 0x0 [0297.261] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.261] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0297.261] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31fdd00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31fdd00, pfQOP=0x0) returned 0x0 [0297.262] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0297.262] recv (in: s=0x74c, buf=0x31515b9, len=51, flags=0 | out: buf=0x31515b9*) returned 51 [0297.262] DecryptMessage (in: phContext=0x31f1410, pMessage=0x31fde14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x31fde14, pfQOP=0x0) returned 0x0 [0297.262] SetEvent (hEvent=0x4a8) returned 1 [0297.262] QueryContextAttributesW (in: phContext=0x31f1410, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0297.262] DeleteSecurityContext (phContext=0x31f1410) returned 0x0 [0297.263] shutdown (s=0x74c, how=2) returned 0 [0297.263] closesocket (s=0x74c) returned 0 [0297.270] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743502268123) returned 1 [0297.270] SetEvent (hEvent=0x4a8) returned 1 [0297.271] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0297.272] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0297.273] WSAConnect (in: s=0x74c, name=0x32011e4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0297.288] closesocket (s=0x768) returned 0 [0297.289] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3201258, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3201738, pOutput=0x32016d0, pfContextAttr=0x32015e8, ptsExpiry=0x73ed80 | out: phNewContext=0x3201738, pOutput=0x32016d0, pfContextAttr=0x32015e8, ptsExpiry=0x73ed80) returned 0x90312 [0297.293] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0297.293] send (s=0x74c, buf=0x320174c*, len=366, flags=0) returned 366 [0297.295] recv (in: s=0x74c, buf=0x320174c, len=5, flags=0 | out: buf=0x320174c*) returned 5 [0297.303] recv (in: s=0x74c, buf=0x3201751, len=59, flags=0 | out: buf=0x3201751*) returned 59 [0297.303] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3201258, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3201940, Reserved2=0x0, phNewContext=0x3201738, pOutput=0x3201954, pfContextAttr=0x32015e8, ptsExpiry=0x73ecdc | out: phNewContext=0x3201738, pOutput=0x3201954, pfContextAttr=0x32015e8, ptsExpiry=0x73ecdc) returned 0x90312 [0297.304] recv (in: s=0x74c, buf=0x32019e4, len=5, flags=0 | out: buf=0x32019e4*) returned 5 [0297.304] recv (in: s=0x74c, buf=0x32019fd, len=1, flags=0 | out: buf=0x32019fd*) returned 1 [0297.304] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3201258, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3201a70, Reserved2=0x0, phNewContext=0x3201738, pOutput=0x3201a84, pfContextAttr=0x32015e8, ptsExpiry=0x73ec3c | out: phNewContext=0x3201738, pOutput=0x3201a84, pfContextAttr=0x32015e8, ptsExpiry=0x73ec3c) returned 0x90312 [0297.305] recv (in: s=0x74c, buf=0x3201b14, len=5, flags=0 | out: buf=0x3201b14*) returned 5 [0297.305] recv (in: s=0x74c, buf=0x3201b2d, len=40, flags=0 | out: buf=0x3201b2d*) returned 40 [0297.305] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3201258, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3201bc8, Reserved2=0x0, phNewContext=0x3201738, pOutput=0x3201bdc, pfContextAttr=0x32015e8, ptsExpiry=0x73eb9c | out: phNewContext=0x3201738, pOutput=0x3201bdc, pfContextAttr=0x32015e8, ptsExpiry=0x73eb9c) returned 0x0 [0297.307] FreeContextBuffer (in: pvContextBuffer=0x9d9208 | out: pvContextBuffer=0x9d9208) returned 0x0 [0297.307] QueryContextAttributesW (in: phContext=0x3201738, ulAttribute=0x4, pBuffer=0x3201cac | out: pBuffer=0x3201cac) returned 0x0 [0297.307] QueryContextAttributesW (in: phContext=0x3201738, ulAttribute=0x5a, pBuffer=0x3201ce8 | out: pBuffer=0x3201ce8) returned 0x0 [0297.307] QueryContextAttributesW (in: phContext=0x3201738, ulAttribute=0x53, pBuffer=0x3201d34 | out: pBuffer=0x3201d34) returned 0x0 [0297.308] CertDuplicateCertificateContext (pCertContext=0x9d8b08) returned 0x9d8b08 [0297.308] CertDuplicateStore (hCertStore=0x9dfea0) returned 0x9dfea0 [0297.309] CertEnumCertificatesInStore (hCertStore=0x9dfea0, pPrevCertContext=0x0) returned 0x9d8b58 [0297.309] CertDuplicateCertificateContext (pCertContext=0x9d8b58) returned 0x9d8b58 [0297.309] CertEnumCertificatesInStore (hCertStore=0x9dfea0, pPrevCertContext=0x9d8b58) returned 0x9d8b08 [0297.311] CertDuplicateCertificateContext (pCertContext=0x9d8b08) returned 0x9d8b08 [0297.311] CertEnumCertificatesInStore (hCertStore=0x9dfea0, pPrevCertContext=0x9d8b08) returned 0x0 [0297.311] CertCloseStore (hCertStore=0x9dfea0, dwFlags=0x0) returned 1 [0297.311] CertFreeCRLContext (pCrlContext=0x9d8b08) returned 1 [0297.312] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dff18 [0297.313] CertAddCRLLinkToStore (in: hCertStore=0x9dff18, pCrlContext=0x9d8b58, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.313] CertAddCRLLinkToStore (in: hCertStore=0x9dff18, pCrlContext=0x9d8b08, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.314] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92f7e8 [0297.314] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8b08, pTime=0x73ebb0, hAdditionalStore=0x9dff18, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0297.315] LocalFree (hMem=0x92f7e8) returned 0x0 [0297.315] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0297.322] CertDuplicateCertificateContext (pCertContext=0x9d8b08) returned 0x9d8b08 [0297.322] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0297.324] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0297.324] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.324] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0297.324] SetLastError (dwErrCode=0x0) [0297.324] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0297.325] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.325] CertFreeCRLContext (pCrlContext=0x9d8b08) returned 1 [0297.325] EncryptMessage (in: phContext=0x3201738, fQOP=0x0, pMessage=0x3203464, MessageSeqNo=0x0 | out: pMessage=0x3203464) returned 0x0 [0297.326] CoTaskMemAlloc (cb=0x10) returned 0x9f3288 [0297.326] WSASend (in: s=0x74c, lpBuffers=0x9f3288*=((len=0x33, buf=0x3201c58*), (len=0x4f, buf=0x3203380*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0297.331] CoTaskMemFree (pv=0x9f3288) [0297.331] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0297.332] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.380] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.381] DecryptMessage (in: phContext=0x3201738, pMessage=0x32035d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32035d0, pfQOP=0x0) returned 0x0 [0297.382] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.382] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.382] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.382] DecryptMessage (in: phContext=0x3201738, pMessage=0x3205064, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3205064, pfQOP=0x0) returned 0x0 [0297.382] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.383] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.383] DecryptMessage (in: phContext=0x3201738, pMessage=0x3205e68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3205e68, pfQOP=0x0) returned 0x0 [0297.383] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.384] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.384] DecryptMessage (in: phContext=0x3201738, pMessage=0x32070b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32070b0, pfQOP=0x0) returned 0x0 [0297.384] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.384] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.384] DecryptMessage (in: phContext=0x3201738, pMessage=0x32071c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32071c4, pfQOP=0x0) returned 0x0 [0297.385] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.385] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.385] DecryptMessage (in: phContext=0x3201738, pMessage=0x3209528, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3209528, pfQOP=0x0) returned 0x0 [0297.386] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.386] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.386] DecryptMessage (in: phContext=0x3201738, pMessage=0x320963c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320963c, pfQOP=0x0) returned 0x0 [0297.386] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.386] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.386] DecryptMessage (in: phContext=0x3201738, pMessage=0x3209750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3209750, pfQOP=0x0) returned 0x0 [0297.387] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.387] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.388] DecryptMessage (in: phContext=0x3201738, pMessage=0x320dcec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320dcec, pfQOP=0x0) returned 0x0 [0297.388] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.388] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.388] DecryptMessage (in: phContext=0x3201738, pMessage=0x320de00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320de00, pfQOP=0x0) returned 0x0 [0297.388] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.388] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.389] DecryptMessage (in: phContext=0x3201738, pMessage=0x320df14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320df14, pfQOP=0x0) returned 0x0 [0297.389] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.389] recv (in: s=0x74c, buf=0x314d575, len=1393, flags=0 | out: buf=0x314d575*) returned 1393 [0297.389] DecryptMessage (in: phContext=0x3201738, pMessage=0x320e028, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320e028, pfQOP=0x0) returned 0x0 [0297.389] recv (in: s=0x74c, buf=0x314d570, len=5, flags=0 | out: buf=0x314d570*) returned 5 [0297.390] recv (in: s=0x74c, buf=0x314d575, len=29, flags=0 | out: buf=0x314d575*) returned 29 [0297.390] DecryptMessage (in: phContext=0x3201738, pMessage=0x320e13c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x320e13c, pfQOP=0x0) returned 0x0 [0297.390] SetEvent (hEvent=0x4a8) returned 1 [0297.390] QueryContextAttributesW (in: phContext=0x3201738, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0297.391] DeleteSecurityContext (phContext=0x3201738) returned 0x0 [0297.411] shutdown (s=0x74c, how=2) returned 0 [0297.412] closesocket (s=0x74c) returned 0 [0297.418] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743517143709) returned 1 [0297.418] SetEvent (hEvent=0x4a8) returned 1 [0297.480] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0297.481] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0297.481] WSAConnect (in: s=0x74c, name=0x3211534*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0297.498] closesocket (s=0x768) returned 0 [0297.499] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3211580, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3211a60, pOutput=0x32119f8, pfContextAttr=0x3211910, ptsExpiry=0x73ed80 | out: phNewContext=0x3211a60, pOutput=0x32119f8, pfContextAttr=0x3211910, ptsExpiry=0x73ed80) returned 0x90312 [0297.502] FreeContextBuffer (in: pvContextBuffer=0x5725fb0 | out: pvContextBuffer=0x5725fb0) returned 0x0 [0297.502] send (s=0x74c, buf=0x3211a74*, len=366, flags=0) returned 366 [0297.504] recv (in: s=0x74c, buf=0x3211a74, len=5, flags=0 | out: buf=0x3211a74*) returned 5 [0297.513] recv (in: s=0x74c, buf=0x3211a79, len=59, flags=0 | out: buf=0x3211a79*) returned 59 [0297.513] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3211580, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3211c68, Reserved2=0x0, phNewContext=0x3211a60, pOutput=0x3211c7c, pfContextAttr=0x3211910, ptsExpiry=0x73ecdc | out: phNewContext=0x3211a60, pOutput=0x3211c7c, pfContextAttr=0x3211910, ptsExpiry=0x73ecdc) returned 0x90312 [0297.516] recv (in: s=0x74c, buf=0x3211d0c, len=5, flags=0 | out: buf=0x3211d0c*) returned 5 [0297.516] recv (in: s=0x74c, buf=0x3211d25, len=1, flags=0 | out: buf=0x3211d25*) returned 1 [0297.517] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3211580, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3211d98, Reserved2=0x0, phNewContext=0x3211a60, pOutput=0x3211dac, pfContextAttr=0x3211910, ptsExpiry=0x73ec3c | out: phNewContext=0x3211a60, pOutput=0x3211dac, pfContextAttr=0x3211910, ptsExpiry=0x73ec3c) returned 0x90312 [0297.517] recv (in: s=0x74c, buf=0x3211e3c, len=5, flags=0 | out: buf=0x3211e3c*) returned 5 [0297.517] recv (in: s=0x74c, buf=0x3211e55, len=40, flags=0 | out: buf=0x3211e55*) returned 40 [0297.518] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3211580, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3211ef0, Reserved2=0x0, phNewContext=0x3211a60, pOutput=0x3211f04, pfContextAttr=0x3211910, ptsExpiry=0x73eb9c | out: phNewContext=0x3211a60, pOutput=0x3211f04, pfContextAttr=0x3211910, ptsExpiry=0x73eb9c) returned 0x0 [0297.520] FreeContextBuffer (in: pvContextBuffer=0x9d9438 | out: pvContextBuffer=0x9d9438) returned 0x0 [0297.521] QueryContextAttributesW (in: phContext=0x3211a60, ulAttribute=0x4, pBuffer=0x3211fe0 | out: pBuffer=0x3211fe0) returned 0x0 [0297.521] QueryContextAttributesW (in: phContext=0x3211a60, ulAttribute=0x5a, pBuffer=0x321201c | out: pBuffer=0x321201c) returned 0x0 [0297.522] QueryContextAttributesW (in: phContext=0x3211a60, ulAttribute=0x53, pBuffer=0x3212068 | out: pBuffer=0x3212068) returned 0x0 [0297.522] CertDuplicateCertificateContext (pCertContext=0x9d8fb8) returned 0x9d8fb8 [0297.523] CertDuplicateStore (hCertStore=0x9e05a8) returned 0x9e05a8 [0297.523] CertEnumCertificatesInStore (hCertStore=0x9e05a8, pPrevCertContext=0x0) returned 0x9d9288 [0297.523] CertDuplicateCertificateContext (pCertContext=0x9d9288) returned 0x9d9288 [0297.524] CertEnumCertificatesInStore (hCertStore=0x9e05a8, pPrevCertContext=0x9d9288) returned 0x9d8fb8 [0297.524] CertDuplicateCertificateContext (pCertContext=0x9d8fb8) returned 0x9d8fb8 [0297.524] CertEnumCertificatesInStore (hCertStore=0x9e05a8, pPrevCertContext=0x9d8fb8) returned 0x0 [0297.524] CertCloseStore (hCertStore=0x9e05a8, dwFlags=0x0) returned 1 [0297.524] CertFreeCRLContext (pCrlContext=0x9d8fb8) returned 1 [0297.525] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9dff90 [0297.526] CertAddCRLLinkToStore (in: hCertStore=0x9dff90, pCrlContext=0x9d9288, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.526] CertAddCRLLinkToStore (in: hCertStore=0x9dff90, pCrlContext=0x9d8fb8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.527] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92fb48 [0297.527] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8fb8, pTime=0x73ebb0, hAdditionalStore=0x9dff90, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0297.527] LocalFree (hMem=0x92fb48) returned 0x0 [0297.528] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0297.528] CertDuplicateCertificateContext (pCertContext=0x9d8fb8) returned 0x9d8fb8 [0297.529] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0297.529] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0297.530] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.530] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0297.530] SetLastError (dwErrCode=0x0) [0297.530] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0297.531] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.531] CertFreeCRLContext (pCrlContext=0x9d8fb8) returned 1 [0297.531] EncryptMessage (in: phContext=0x3211a60, fQOP=0x0, pMessage=0x321378c, MessageSeqNo=0x0 | out: pMessage=0x321378c) returned 0x0 [0297.531] CoTaskMemAlloc (cb=0x10) returned 0x9f3120 [0297.531] WSASend (in: s=0x74c, lpBuffers=0x9f3120*=((len=0x33, buf=0x3211f80*), (len=0x4f, buf=0x32136a8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0297.532] CoTaskMemFree (pv=0x9f3120) [0297.532] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0297.532] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.805] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.805] DecryptMessage (in: phContext=0x3211a60, pMessage=0x32138f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32138f8, pfQOP=0x0) returned 0x0 [0297.806] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.806] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.806] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.806] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321538c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321538c, pfQOP=0x0) returned 0x0 [0297.807] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.807] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.807] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321619c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321619c, pfQOP=0x0) returned 0x0 [0297.807] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.807] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.808] DecryptMessage (in: phContext=0x3211a60, pMessage=0x32173d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32173d8, pfQOP=0x0) returned 0x0 [0297.808] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.808] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.808] DecryptMessage (in: phContext=0x3211a60, pMessage=0x32174ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32174ec, pfQOP=0x0) returned 0x0 [0297.808] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.808] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.809] DecryptMessage (in: phContext=0x3211a60, pMessage=0x3219850, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3219850, pfQOP=0x0) returned 0x0 [0297.809] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.809] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.809] DecryptMessage (in: phContext=0x3211a60, pMessage=0x3219964, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3219964, pfQOP=0x0) returned 0x0 [0297.809] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.809] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.809] DecryptMessage (in: phContext=0x3211a60, pMessage=0x3219a78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3219a78, pfQOP=0x0) returned 0x0 [0297.810] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.810] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.810] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321e014, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321e014, pfQOP=0x0) returned 0x0 [0297.810] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.811] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.811] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321e128, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321e128, pfQOP=0x0) returned 0x0 [0297.811] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.811] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.811] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321e23c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321e23c, pfQOP=0x0) returned 0x0 [0297.811] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.811] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0297.811] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321e350, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321e350, pfQOP=0x0) returned 0x0 [0297.812] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0297.812] recv (in: s=0x74c, buf=0x3149531, len=51, flags=0 | out: buf=0x3149531*) returned 51 [0297.812] DecryptMessage (in: phContext=0x3211a60, pMessage=0x321e464, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x321e464, pfQOP=0x0) returned 0x0 [0297.812] SetEvent (hEvent=0x4a8) returned 1 [0297.813] QueryContextAttributesW (in: phContext=0x3211a60, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0297.813] DeleteSecurityContext (phContext=0x3211a60) returned 0x0 [0297.813] shutdown (s=0x74c, how=2) returned 0 [0297.817] closesocket (s=0x74c) returned 0 [0297.823] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743557581319) returned 1 [0297.823] SetEvent (hEvent=0x4a8) returned 1 [0297.825] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0297.825] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x768 [0297.826] WSAConnect (in: s=0x74c, name=0x3221848*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0297.841] closesocket (s=0x768) returned 0 [0297.841] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32218a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3221d88, pOutput=0x3221d20, pfContextAttr=0x3221c38, ptsExpiry=0x73ed80 | out: phNewContext=0x3221d88, pOutput=0x3221d20, pfContextAttr=0x3221c38, ptsExpiry=0x73ed80) returned 0x90312 [0297.842] FreeContextBuffer (in: pvContextBuffer=0x5725fb0 | out: pvContextBuffer=0x5725fb0) returned 0x0 [0297.842] send (s=0x74c, buf=0x3221d9c*, len=366, flags=0) returned 366 [0297.843] recv (in: s=0x74c, buf=0x3221d9c, len=5, flags=0 | out: buf=0x3221d9c*) returned 5 [0297.863] recv (in: s=0x74c, buf=0x3221da1, len=59, flags=0 | out: buf=0x3221da1*) returned 59 [0297.906] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32218a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3221f90, Reserved2=0x0, phNewContext=0x3221d88, pOutput=0x3221fa4, pfContextAttr=0x3221c38, ptsExpiry=0x73ecdc | out: phNewContext=0x3221d88, pOutput=0x3221fa4, pfContextAttr=0x3221c38, ptsExpiry=0x73ecdc) returned 0x90312 [0297.907] recv (in: s=0x74c, buf=0x3222040, len=5, flags=0 | out: buf=0x3222040*) returned 5 [0297.907] recv (in: s=0x74c, buf=0x3222059, len=1, flags=0 | out: buf=0x3222059*) returned 1 [0297.908] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32218a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32220cc, Reserved2=0x0, phNewContext=0x3221d88, pOutput=0x32220e0, pfContextAttr=0x3221c38, ptsExpiry=0x73ec3c | out: phNewContext=0x3221d88, pOutput=0x32220e0, pfContextAttr=0x3221c38, ptsExpiry=0x73ec3c) returned 0x90312 [0297.908] recv (in: s=0x74c, buf=0x3222170, len=5, flags=0 | out: buf=0x3222170*) returned 5 [0297.908] recv (in: s=0x74c, buf=0x3222189, len=40, flags=0 | out: buf=0x3222189*) returned 40 [0297.908] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32218a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3222224, Reserved2=0x0, phNewContext=0x3221d88, pOutput=0x3222238, pfContextAttr=0x3221c38, ptsExpiry=0x73eb9c | out: phNewContext=0x3221d88, pOutput=0x3222238, pfContextAttr=0x3221c38, ptsExpiry=0x73eb9c) returned 0x0 [0297.910] FreeContextBuffer (in: pvContextBuffer=0x9d91b8 | out: pvContextBuffer=0x9d91b8) returned 0x0 [0297.910] QueryContextAttributesW (in: phContext=0x3221d88, ulAttribute=0x4, pBuffer=0x3222308 | out: pBuffer=0x3222308) returned 0x0 [0297.910] QueryContextAttributesW (in: phContext=0x3221d88, ulAttribute=0x5a, pBuffer=0x3222344 | out: pBuffer=0x3222344) returned 0x0 [0297.910] QueryContextAttributesW (in: phContext=0x3221d88, ulAttribute=0x53, pBuffer=0x3222390 | out: pBuffer=0x3222390) returned 0x0 [0297.911] CertDuplicateCertificateContext (pCertContext=0x9d8e28) returned 0x9d8e28 [0297.912] CertDuplicateStore (hCertStore=0x9e0008) returned 0x9e0008 [0297.912] CertEnumCertificatesInStore (hCertStore=0x9e0008, pPrevCertContext=0x0) returned 0x9d9378 [0297.912] CertDuplicateCertificateContext (pCertContext=0x9d9378) returned 0x9d9378 [0297.912] CertEnumCertificatesInStore (hCertStore=0x9e0008, pPrevCertContext=0x9d9378) returned 0x9d8e28 [0297.913] CertDuplicateCertificateContext (pCertContext=0x9d8e28) returned 0x9d8e28 [0297.913] CertEnumCertificatesInStore (hCertStore=0x9e0008, pPrevCertContext=0x9d8e28) returned 0x0 [0297.913] CertCloseStore (hCertStore=0x9e0008, dwFlags=0x0) returned 1 [0297.913] CertFreeCRLContext (pCrlContext=0x9d8e28) returned 1 [0297.914] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9e00f8 [0297.914] CertAddCRLLinkToStore (in: hCertStore=0x9e00f8, pCrlContext=0x9d9378, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.914] CertAddCRLLinkToStore (in: hCertStore=0x9e00f8, pCrlContext=0x9d8e28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0297.915] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x92fe88 [0297.915] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9d8e28, pTime=0x73ebb0, hAdditionalStore=0x9e00f8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0297.915] LocalFree (hMem=0x92fe88) returned 0x0 [0297.916] CertDuplicateCertificateChain (pChainContext=0x9a8958) returned 0x9a8958 [0297.916] CertDuplicateCertificateContext (pCertContext=0x9d8e28) returned 0x9d8e28 [0297.917] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0297.917] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0297.917] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.917] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9a8958, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0297.917] SetLastError (dwErrCode=0x0) [0297.917] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9a8958, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0297.918] CertFreeCertificateChain (pChainContext=0x9a8958) [0297.918] CertFreeCRLContext (pCrlContext=0x9d8e28) returned 1 [0297.918] EncryptMessage (in: phContext=0x3221d88, fQOP=0x0, pMessage=0x3223ab4, MessageSeqNo=0x0 | out: pMessage=0x3223ab4) returned 0x0 [0297.918] CoTaskMemAlloc (cb=0x10) returned 0x9f31f8 [0297.919] WSASend (in: s=0x74c, lpBuffers=0x9f31f8*=((len=0x33, buf=0x32222b4*), (len=0x4f, buf=0x32239d0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0297.922] CoTaskMemFree (pv=0x9f31f8) [0297.922] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0297.922] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.943] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.943] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3223c20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3223c20, pfQOP=0x0) returned 0x0 [0297.943] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0297.944] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.944] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.944] DecryptMessage (in: phContext=0x3221d88, pMessage=0x32256b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32256b4, pfQOP=0x0) returned 0x0 [0297.944] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.944] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.945] DecryptMessage (in: phContext=0x3221d88, pMessage=0x32264c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32264c4, pfQOP=0x0) returned 0x0 [0297.945] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.945] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.945] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3227700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3227700, pfQOP=0x0) returned 0x0 [0297.945] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.945] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.945] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3227814, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3227814, pfQOP=0x0) returned 0x0 [0297.946] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.946] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.946] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3229b78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3229b78, pfQOP=0x0) returned 0x0 [0297.946] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.947] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.947] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3229c8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3229c8c, pfQOP=0x0) returned 0x0 [0297.947] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.947] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.947] DecryptMessage (in: phContext=0x3221d88, pMessage=0x3229da0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3229da0, pfQOP=0x0) returned 0x0 [0297.969] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.970] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.970] DecryptMessage (in: phContext=0x3221d88, pMessage=0x322e00c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x322e00c, pfQOP=0x0) returned 0x0 [0297.970] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.970] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.970] DecryptMessage (in: phContext=0x3221d88, pMessage=0x322e120, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x322e120, pfQOP=0x0) returned 0x0 [0297.971] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.971] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.971] DecryptMessage (in: phContext=0x3221d88, pMessage=0x322e234, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x322e234, pfQOP=0x0) returned 0x0 [0297.971] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.971] recv (in: s=0x74c, buf=0x31454ed, len=1393, flags=0 | out: buf=0x31454ed*) returned 1393 [0297.971] DecryptMessage (in: phContext=0x3221d88, pMessage=0x322e348, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x322e348, pfQOP=0x0) returned 0x0 [0297.971] recv (in: s=0x74c, buf=0x31454e8, len=5, flags=0 | out: buf=0x31454e8*) returned 5 [0297.971] recv (in: s=0x74c, buf=0x31454ed, len=50, flags=0 | out: buf=0x31454ed*) returned 50 [0298.063] DecryptMessage (in: phContext=0x3221d88, pMessage=0x322e51c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x322e51c, pfQOP=0x0) returned 0x0 [0298.063] SetEvent (hEvent=0x4a8) returned 1 [0298.063] QueryContextAttributesW (in: phContext=0x3221d88, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.064] DeleteSecurityContext (phContext=0x3221d88) returned 0x0 [0298.065] shutdown (s=0x74c, how=2) returned 0 [0298.065] closesocket (s=0x74c) returned 0 [0298.076] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743582869830) returned 1 [0298.076] SetEvent (hEvent=0x4a8) returned 1 [0298.079] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.080] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.081] WSAConnect (in: s=0x74c, name=0x32321f4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.091] closesocket (s=0x45c) returned 0 [0298.092] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3232254, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x323277c, pOutput=0x3232714, pfContextAttr=0x323262c, ptsExpiry=0x73ed80 | out: phNewContext=0x323277c, pOutput=0x3232714, pfContextAttr=0x323262c, ptsExpiry=0x73ed80) returned 0x90312 [0298.093] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0298.093] send (s=0x74c, buf=0x3232790*, len=366, flags=0) returned 366 [0298.093] recv (in: s=0x74c, buf=0x3232790, len=5, flags=0 | out: buf=0x3232790*) returned 5 [0298.102] recv (in: s=0x74c, buf=0x3232795, len=59, flags=0 | out: buf=0x3232795*) returned 59 [0298.102] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3232254, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3232984, Reserved2=0x0, phNewContext=0x323277c, pOutput=0x3232998, pfContextAttr=0x323262c, ptsExpiry=0x73ecdc | out: phNewContext=0x323277c, pOutput=0x3232998, pfContextAttr=0x323262c, ptsExpiry=0x73ecdc) returned 0x90312 [0298.103] recv (in: s=0x74c, buf=0x3232a28, len=5, flags=0 | out: buf=0x3232a28*) returned 5 [0298.103] recv (in: s=0x74c, buf=0x3232a41, len=1, flags=0 | out: buf=0x3232a41*) returned 1 [0298.103] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3232254, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3232ab4, Reserved2=0x0, phNewContext=0x323277c, pOutput=0x3232ac8, pfContextAttr=0x323262c, ptsExpiry=0x73ec3c | out: phNewContext=0x323277c, pOutput=0x3232ac8, pfContextAttr=0x323262c, ptsExpiry=0x73ec3c) returned 0x90312 [0298.104] recv (in: s=0x74c, buf=0x3232b58, len=5, flags=0 | out: buf=0x3232b58*) returned 5 [0298.104] recv (in: s=0x74c, buf=0x3232b71, len=40, flags=0 | out: buf=0x3232b71*) returned 40 [0298.104] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3232254, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3232c0c, Reserved2=0x0, phNewContext=0x323277c, pOutput=0x3232c20, pfContextAttr=0x323262c, ptsExpiry=0x73eb9c | out: phNewContext=0x323277c, pOutput=0x3232c20, pfContextAttr=0x323262c, ptsExpiry=0x73eb9c) returned 0x0 [0298.105] FreeContextBuffer (in: pvContextBuffer=0x9df708 | out: pvContextBuffer=0x9df708) returned 0x0 [0298.105] QueryContextAttributesW (in: phContext=0x323277c, ulAttribute=0x4, pBuffer=0x3232cf0 | out: pBuffer=0x3232cf0) returned 0x0 [0298.105] QueryContextAttributesW (in: phContext=0x323277c, ulAttribute=0x5a, pBuffer=0x3232d2c | out: pBuffer=0x3232d2c) returned 0x0 [0298.106] QueryContextAttributesW (in: phContext=0x323277c, ulAttribute=0x53, pBuffer=0x3232d78 | out: pBuffer=0x3232d78) returned 0x0 [0298.106] CertDuplicateCertificateContext (pCertContext=0x9df878) returned 0x9df878 [0298.107] CertDuplicateStore (hCertStore=0x570d698) returned 0x570d698 [0298.107] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x0) returned 0x9df468 [0298.108] CertDuplicateCertificateContext (pCertContext=0x9df468) returned 0x9df468 [0298.108] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x9df468) returned 0x9df878 [0298.108] CertDuplicateCertificateContext (pCertContext=0x9df878) returned 0x9df878 [0298.108] CertEnumCertificatesInStore (hCertStore=0x570d698, pPrevCertContext=0x9df878) returned 0x0 [0298.108] CertCloseStore (hCertStore=0x570d698, dwFlags=0x0) returned 1 [0298.108] CertFreeCRLContext (pCrlContext=0x9df878) returned 1 [0298.109] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570de90 [0298.110] CertAddCRLLinkToStore (in: hCertStore=0x570de90, pCrlContext=0x9df468, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.110] CertAddCRLLinkToStore (in: hCertStore=0x570de90, pCrlContext=0x9df878, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.110] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e220 [0298.111] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df878, pTime=0x73ebb0, hAdditionalStore=0x570de90, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.111] LocalFree (hMem=0x99e220) returned 0x0 [0298.111] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.112] CertDuplicateCertificateContext (pCertContext=0x9df878) returned 0x9df878 [0298.113] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.114] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.114] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.114] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.114] SetLastError (dwErrCode=0x0) [0298.114] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.115] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.115] CertFreeCRLContext (pCrlContext=0x9df878) returned 1 [0298.116] EncryptMessage (in: phContext=0x323277c, fQOP=0x0, pMessage=0x32344a8, MessageSeqNo=0x0 | out: pMessage=0x32344a8) returned 0x0 [0298.116] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0298.116] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3232c9c*), (len=0x4f, buf=0x32343c4*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.117] CoTaskMemFree (pv=0x9f3a80) [0298.117] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.117] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.132] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.132] DecryptMessage (in: phContext=0x323277c, pMessage=0x3234624, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3234624, pfQOP=0x0) returned 0x0 [0298.138] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.138] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.138] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.138] DecryptMessage (in: phContext=0x323277c, pMessage=0x3236cac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3236cac, pfQOP=0x0) returned 0x0 [0298.138] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.138] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.139] DecryptMessage (in: phContext=0x323277c, pMessage=0x3237ab0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3237ab0, pfQOP=0x0) returned 0x0 [0298.139] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.139] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.140] DecryptMessage (in: phContext=0x323277c, pMessage=0x3238cf8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3238cf8, pfQOP=0x0) returned 0x0 [0298.140] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.140] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.140] DecryptMessage (in: phContext=0x323277c, pMessage=0x3238e0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3238e0c, pfQOP=0x0) returned 0x0 [0298.141] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.141] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.141] DecryptMessage (in: phContext=0x323277c, pMessage=0x323b170, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323b170, pfQOP=0x0) returned 0x0 [0298.141] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.141] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.142] DecryptMessage (in: phContext=0x323277c, pMessage=0x323b284, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323b284, pfQOP=0x0) returned 0x0 [0298.142] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.142] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.142] DecryptMessage (in: phContext=0x323277c, pMessage=0x323b398, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323b398, pfQOP=0x0) returned 0x0 [0298.143] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.143] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.143] DecryptMessage (in: phContext=0x323277c, pMessage=0x323f934, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323f934, pfQOP=0x0) returned 0x0 [0298.143] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.143] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.145] DecryptMessage (in: phContext=0x323277c, pMessage=0x323fa48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323fa48, pfQOP=0x0) returned 0x0 [0298.145] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.145] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.145] DecryptMessage (in: phContext=0x323277c, pMessage=0x323fb5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323fb5c, pfQOP=0x0) returned 0x0 [0298.145] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.145] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0298.146] DecryptMessage (in: phContext=0x323277c, pMessage=0x323fc70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323fc70, pfQOP=0x0) returned 0x0 [0298.146] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0298.146] recv (in: s=0x74c, buf=0x2f86069, len=29, flags=0 | out: buf=0x2f86069*) returned 29 [0298.146] DecryptMessage (in: phContext=0x323277c, pMessage=0x323fd84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x323fd84, pfQOP=0x0) returned 0x0 [0298.146] SetEvent (hEvent=0x4a8) returned 1 [0298.147] QueryContextAttributesW (in: phContext=0x323277c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.147] DeleteSecurityContext (phContext=0x323277c) returned 0x0 [0298.147] shutdown (s=0x74c, how=2) returned 0 [0298.148] closesocket (s=0x74c) returned 0 [0298.155] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743590803096) returned 1 [0298.155] SetEvent (hEvent=0x4a8) returned 1 [0298.157] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.158] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.158] WSAConnect (in: s=0x74c, name=0x3243154*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.168] closesocket (s=0x45c) returned 0 [0298.169] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32431c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32436a8, pOutput=0x3243640, pfContextAttr=0x3243558, ptsExpiry=0x73ed80 | out: phNewContext=0x32436a8, pOutput=0x3243640, pfContextAttr=0x3243558, ptsExpiry=0x73ed80) returned 0x90312 [0298.170] FreeContextBuffer (in: pvContextBuffer=0x5726758 | out: pvContextBuffer=0x5726758) returned 0x0 [0298.170] send (s=0x74c, buf=0x32436bc*, len=366, flags=0) returned 366 [0298.172] recv (in: s=0x74c, buf=0x32436bc, len=5, flags=0 | out: buf=0x32436bc*) returned 5 [0298.218] recv (in: s=0x74c, buf=0x32436c1, len=59, flags=0 | out: buf=0x32436c1*) returned 59 [0298.219] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32431c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32438b0, Reserved2=0x0, phNewContext=0x32436a8, pOutput=0x32438c4, pfContextAttr=0x3243558, ptsExpiry=0x73ecdc | out: phNewContext=0x32436a8, pOutput=0x32438c4, pfContextAttr=0x3243558, ptsExpiry=0x73ecdc) returned 0x90312 [0298.219] recv (in: s=0x74c, buf=0x3243954, len=5, flags=0 | out: buf=0x3243954*) returned 5 [0298.219] recv (in: s=0x74c, buf=0x324396d, len=1, flags=0 | out: buf=0x324396d*) returned 1 [0298.220] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32431c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32439e0, Reserved2=0x0, phNewContext=0x32436a8, pOutput=0x32439f4, pfContextAttr=0x3243558, ptsExpiry=0x73ec3c | out: phNewContext=0x32436a8, pOutput=0x32439f4, pfContextAttr=0x3243558, ptsExpiry=0x73ec3c) returned 0x90312 [0298.220] recv (in: s=0x74c, buf=0x3243a84, len=5, flags=0 | out: buf=0x3243a84*) returned 5 [0298.220] recv (in: s=0x74c, buf=0x3243a9d, len=40, flags=0 | out: buf=0x3243a9d*) returned 40 [0298.221] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32431c8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3243b38, Reserved2=0x0, phNewContext=0x32436a8, pOutput=0x3243b4c, pfContextAttr=0x3243558, ptsExpiry=0x73eb9c | out: phNewContext=0x32436a8, pOutput=0x3243b4c, pfContextAttr=0x3243558, ptsExpiry=0x73eb9c) returned 0x0 [0298.222] FreeContextBuffer (in: pvContextBuffer=0x9df578 | out: pvContextBuffer=0x9df578) returned 0x0 [0298.223] QueryContextAttributesW (in: phContext=0x32436a8, ulAttribute=0x4, pBuffer=0x3243c1c | out: pBuffer=0x3243c1c) returned 0x0 [0298.223] QueryContextAttributesW (in: phContext=0x32436a8, ulAttribute=0x5a, pBuffer=0x3243c58 | out: pBuffer=0x3243c58) returned 0x0 [0298.223] QueryContextAttributesW (in: phContext=0x32436a8, ulAttribute=0x53, pBuffer=0x3243ca4 | out: pBuffer=0x3243ca4) returned 0x0 [0298.224] CertDuplicateCertificateContext (pCertContext=0x9df5a8) returned 0x9df5a8 [0298.224] CertDuplicateStore (hCertStore=0x570d8f0) returned 0x570d8f0 [0298.224] CertEnumCertificatesInStore (hCertStore=0x570d8f0, pPrevCertContext=0x0) returned 0x9df418 [0298.225] CertDuplicateCertificateContext (pCertContext=0x9df418) returned 0x9df418 [0298.225] CertEnumCertificatesInStore (hCertStore=0x570d8f0, pPrevCertContext=0x9df418) returned 0x9df5a8 [0298.225] CertDuplicateCertificateContext (pCertContext=0x9df5a8) returned 0x9df5a8 [0298.225] CertEnumCertificatesInStore (hCertStore=0x570d8f0, pPrevCertContext=0x9df5a8) returned 0x0 [0298.225] CertCloseStore (hCertStore=0x570d8f0, dwFlags=0x0) returned 1 [0298.226] CertFreeCRLContext (pCrlContext=0x9df5a8) returned 1 [0298.227] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d440 [0298.227] CertAddCRLLinkToStore (in: hCertStore=0x570d440, pCrlContext=0x9df418, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.227] CertAddCRLLinkToStore (in: hCertStore=0x570d440, pCrlContext=0x9df5a8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.228] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e1c0 [0298.228] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df5a8, pTime=0x73ebb0, hAdditionalStore=0x570d440, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.229] LocalFree (hMem=0x99e1c0) returned 0x0 [0298.229] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.230] CertDuplicateCertificateContext (pCertContext=0x9df5a8) returned 0x9df5a8 [0298.230] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.231] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.231] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.231] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.231] SetLastError (dwErrCode=0x0) [0298.231] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.232] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.232] CertFreeCRLContext (pCrlContext=0x9df5a8) returned 1 [0298.233] EncryptMessage (in: phContext=0x32436a8, fQOP=0x0, pMessage=0x32453d4, MessageSeqNo=0x0 | out: pMessage=0x32453d4) returned 0x0 [0298.233] CoTaskMemAlloc (cb=0x10) returned 0x9f3ac8 [0298.233] WSASend (in: s=0x74c, lpBuffers=0x9f3ac8*=((len=0x33, buf=0x3243bc8*), (len=0x4f, buf=0x32452f0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.234] CoTaskMemFree (pv=0x9f3ac8) [0298.234] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.234] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.263] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.264] DecryptMessage (in: phContext=0x32436a8, pMessage=0x3245550, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3245550, pfQOP=0x0) returned 0x0 [0298.264] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.264] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.265] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.265] DecryptMessage (in: phContext=0x32436a8, pMessage=0x3246fe4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3246fe4, pfQOP=0x0) returned 0x0 [0298.265] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.265] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.265] DecryptMessage (in: phContext=0x32436a8, pMessage=0x3247de8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3247de8, pfQOP=0x0) returned 0x0 [0298.266] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.266] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.267] DecryptMessage (in: phContext=0x32436a8, pMessage=0x3249030, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3249030, pfQOP=0x0) returned 0x0 [0298.267] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.267] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.267] DecryptMessage (in: phContext=0x32436a8, pMessage=0x3249144, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3249144, pfQOP=0x0) returned 0x0 [0298.268] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.268] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.268] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324b4a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324b4a8, pfQOP=0x0) returned 0x0 [0298.269] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.269] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.269] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324b5bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324b5bc, pfQOP=0x0) returned 0x0 [0298.269] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.269] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.270] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324b6d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324b6d0, pfQOP=0x0) returned 0x0 [0298.270] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.271] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.271] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324fc6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324fc6c, pfQOP=0x0) returned 0x0 [0298.271] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.271] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.271] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324fd80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324fd80, pfQOP=0x0) returned 0x0 [0298.271] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.272] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.272] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324fe94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324fe94, pfQOP=0x0) returned 0x0 [0298.272] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.272] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0298.272] DecryptMessage (in: phContext=0x32436a8, pMessage=0x324ffa8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x324ffa8, pfQOP=0x0) returned 0x0 [0298.272] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0298.273] recv (in: s=0x74c, buf=0x2fe54ed, len=51, flags=0 | out: buf=0x2fe54ed*) returned 51 [0298.273] DecryptMessage (in: phContext=0x32436a8, pMessage=0x32500bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32500bc, pfQOP=0x0) returned 0x0 [0298.273] SetEvent (hEvent=0x4a8) returned 1 [0298.273] QueryContextAttributesW (in: phContext=0x32436a8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.274] DeleteSecurityContext (phContext=0x32436a8) returned 0x0 [0298.275] shutdown (s=0x74c, how=2) returned 0 [0298.276] closesocket (s=0x74c) returned 0 [0298.285] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743603854119) returned 1 [0298.286] SetEvent (hEvent=0x4a8) returned 1 [0298.287] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.288] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.289] WSAConnect (in: s=0x74c, name=0x325348c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.299] closesocket (s=0x45c) returned 0 [0298.300] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3253500, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32539e0, pOutput=0x3253978, pfContextAttr=0x3253890, ptsExpiry=0x73ed80 | out: phNewContext=0x32539e0, pOutput=0x3253978, pfContextAttr=0x3253890, ptsExpiry=0x73ed80) returned 0x90312 [0298.301] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0298.301] send (s=0x74c, buf=0x32539f4*, len=366, flags=0) returned 366 [0298.302] recv (in: s=0x74c, buf=0x32539f4, len=5, flags=0 | out: buf=0x32539f4*) returned 5 [0298.311] recv (in: s=0x74c, buf=0x32539f9, len=59, flags=0 | out: buf=0x32539f9*) returned 59 [0298.311] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3253500, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3253be8, Reserved2=0x0, phNewContext=0x32539e0, pOutput=0x3253bfc, pfContextAttr=0x3253890, ptsExpiry=0x73ecdc | out: phNewContext=0x32539e0, pOutput=0x3253bfc, pfContextAttr=0x3253890, ptsExpiry=0x73ecdc) returned 0x90312 [0298.312] recv (in: s=0x74c, buf=0x3253c8c, len=5, flags=0 | out: buf=0x3253c8c*) returned 5 [0298.312] recv (in: s=0x74c, buf=0x3253ca5, len=1, flags=0 | out: buf=0x3253ca5*) returned 1 [0298.312] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3253500, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3253d18, Reserved2=0x0, phNewContext=0x32539e0, pOutput=0x3253d2c, pfContextAttr=0x3253890, ptsExpiry=0x73ec3c | out: phNewContext=0x32539e0, pOutput=0x3253d2c, pfContextAttr=0x3253890, ptsExpiry=0x73ec3c) returned 0x90312 [0298.313] recv (in: s=0x74c, buf=0x3253dbc, len=5, flags=0 | out: buf=0x3253dbc*) returned 5 [0298.313] recv (in: s=0x74c, buf=0x3253dd5, len=40, flags=0 | out: buf=0x3253dd5*) returned 40 [0298.313] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3253500, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3253e70, Reserved2=0x0, phNewContext=0x32539e0, pOutput=0x3253e84, pfContextAttr=0x3253890, ptsExpiry=0x73eb9c | out: phNewContext=0x32539e0, pOutput=0x3253e84, pfContextAttr=0x3253890, ptsExpiry=0x73eb9c) returned 0x0 [0298.315] FreeContextBuffer (in: pvContextBuffer=0x9df7f8 | out: pvContextBuffer=0x9df7f8) returned 0x0 [0298.315] QueryContextAttributesW (in: phContext=0x32539e0, ulAttribute=0x4, pBuffer=0x3253f54 | out: pBuffer=0x3253f54) returned 0x0 [0298.315] QueryContextAttributesW (in: phContext=0x32539e0, ulAttribute=0x5a, pBuffer=0x3253f90 | out: pBuffer=0x3253f90) returned 0x0 [0298.315] QueryContextAttributesW (in: phContext=0x32539e0, ulAttribute=0x53, pBuffer=0x3253fdc | out: pBuffer=0x3253fdc) returned 0x0 [0298.317] CertDuplicateCertificateContext (pCertContext=0x9df828) returned 0x9df828 [0298.317] CertDuplicateStore (hCertStore=0x570d008) returned 0x570d008 [0298.317] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x0) returned 0x9df918 [0298.319] CertDuplicateCertificateContext (pCertContext=0x9df918) returned 0x9df918 [0298.319] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x9df918) returned 0x9df828 [0298.320] CertDuplicateCertificateContext (pCertContext=0x9df828) returned 0x9df828 [0298.320] CertEnumCertificatesInStore (hCertStore=0x570d008, pPrevCertContext=0x9df828) returned 0x0 [0298.320] CertCloseStore (hCertStore=0x570d008, dwFlags=0x0) returned 1 [0298.320] CertFreeCRLContext (pCrlContext=0x9df828) returned 1 [0298.321] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d968 [0298.321] CertAddCRLLinkToStore (in: hCertStore=0x570d968, pCrlContext=0x9df918, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.321] CertAddCRLLinkToStore (in: hCertStore=0x570d968, pCrlContext=0x9df828, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.322] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e220 [0298.322] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df828, pTime=0x73ebb0, hAdditionalStore=0x570d968, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.323] LocalFree (hMem=0x99e220) returned 0x0 [0298.323] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.324] CertDuplicateCertificateContext (pCertContext=0x9df828) returned 0x9df828 [0298.324] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.325] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.325] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.325] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.325] SetLastError (dwErrCode=0x0) [0298.325] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.326] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.326] CertFreeCRLContext (pCrlContext=0x9df828) returned 1 [0298.326] EncryptMessage (in: phContext=0x32539e0, fQOP=0x0, pMessage=0x325570c, MessageSeqNo=0x0 | out: pMessage=0x325570c) returned 0x0 [0298.327] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0298.327] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3253f00*), (len=0x4f, buf=0x3255628*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.327] CoTaskMemFree (pv=0x9f3a80) [0298.327] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.328] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.361] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.362] DecryptMessage (in: phContext=0x32539e0, pMessage=0x3255888, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3255888, pfQOP=0x0) returned 0x0 [0298.363] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.364] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.364] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.364] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325731c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325731c, pfQOP=0x0) returned 0x0 [0298.365] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.365] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.365] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325812c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325812c, pfQOP=0x0) returned 0x0 [0298.365] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.365] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.365] DecryptMessage (in: phContext=0x32539e0, pMessage=0x3259368, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3259368, pfQOP=0x0) returned 0x0 [0298.366] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.366] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.366] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325947c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325947c, pfQOP=0x0) returned 0x0 [0298.367] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.367] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.367] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325b7e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325b7e0, pfQOP=0x0) returned 0x0 [0298.367] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.367] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.367] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325b8f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325b8f4, pfQOP=0x0) returned 0x0 [0298.368] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.368] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.368] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325ba08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325ba08, pfQOP=0x0) returned 0x0 [0298.369] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.369] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.369] DecryptMessage (in: phContext=0x32539e0, pMessage=0x325ffa4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x325ffa4, pfQOP=0x0) returned 0x0 [0298.369] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.369] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.370] DecryptMessage (in: phContext=0x32539e0, pMessage=0x32600b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32600b8, pfQOP=0x0) returned 0x0 [0298.370] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.370] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.370] DecryptMessage (in: phContext=0x32539e0, pMessage=0x32601cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32601cc, pfQOP=0x0) returned 0x0 [0298.370] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.370] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0298.371] DecryptMessage (in: phContext=0x32539e0, pMessage=0x32602e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32602e0, pfQOP=0x0) returned 0x0 [0298.371] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0298.371] recv (in: s=0x74c, buf=0x2fcd311, len=51, flags=0 | out: buf=0x2fcd311*) returned 51 [0298.371] DecryptMessage (in: phContext=0x32539e0, pMessage=0x32603f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32603f4, pfQOP=0x0) returned 0x0 [0298.371] SetEvent (hEvent=0x4a8) returned 1 [0298.372] QueryContextAttributesW (in: phContext=0x32539e0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.372] DeleteSecurityContext (phContext=0x32539e0) returned 0x0 [0298.373] shutdown (s=0x74c, how=2) returned 0 [0298.373] closesocket (s=0x74c) returned 0 [0298.416] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743616931206) returned 1 [0298.416] SetEvent (hEvent=0x4a8) returned 1 [0298.418] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.419] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.420] WSAConnect (in: s=0x74c, name=0x32637d8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.431] closesocket (s=0x45c) returned 0 [0298.432] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3263838, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3263d18, pOutput=0x3263cb0, pfContextAttr=0x3263bc8, ptsExpiry=0x73ed80 | out: phNewContext=0x3263d18, pOutput=0x3263cb0, pfContextAttr=0x3263bc8, ptsExpiry=0x73ed80) returned 0x90312 [0298.433] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0298.433] send (s=0x74c, buf=0x3263d2c*, len=366, flags=0) returned 366 [0298.433] recv (in: s=0x74c, buf=0x3263d2c, len=5, flags=0 | out: buf=0x3263d2c*) returned 5 [0298.444] recv (in: s=0x74c, buf=0x3263d31, len=59, flags=0 | out: buf=0x3263d31*) returned 59 [0298.444] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3263838, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3263f20, Reserved2=0x0, phNewContext=0x3263d18, pOutput=0x3263f34, pfContextAttr=0x3263bc8, ptsExpiry=0x73ecdc | out: phNewContext=0x3263d18, pOutput=0x3263f34, pfContextAttr=0x3263bc8, ptsExpiry=0x73ecdc) returned 0x90312 [0298.445] recv (in: s=0x74c, buf=0x3263fc4, len=5, flags=0 | out: buf=0x3263fc4*) returned 5 [0298.445] recv (in: s=0x74c, buf=0x3263fdd, len=1, flags=0 | out: buf=0x3263fdd*) returned 1 [0298.445] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3263838, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x326405c, Reserved2=0x0, phNewContext=0x3263d18, pOutput=0x3264070, pfContextAttr=0x3263bc8, ptsExpiry=0x73ec3c | out: phNewContext=0x3263d18, pOutput=0x3264070, pfContextAttr=0x3263bc8, ptsExpiry=0x73ec3c) returned 0x90312 [0298.446] recv (in: s=0x74c, buf=0x3264100, len=5, flags=0 | out: buf=0x3264100*) returned 5 [0298.446] recv (in: s=0x74c, buf=0x3264119, len=40, flags=0 | out: buf=0x3264119*) returned 40 [0298.446] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3263838, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32641b4, Reserved2=0x0, phNewContext=0x3263d18, pOutput=0x32641c8, pfContextAttr=0x3263bc8, ptsExpiry=0x73eb9c | out: phNewContext=0x3263d18, pOutput=0x32641c8, pfContextAttr=0x3263bc8, ptsExpiry=0x73eb9c) returned 0x0 [0298.448] FreeContextBuffer (in: pvContextBuffer=0x9df258 | out: pvContextBuffer=0x9df258) returned 0x0 [0298.448] QueryContextAttributesW (in: phContext=0x3263d18, ulAttribute=0x4, pBuffer=0x3264298 | out: pBuffer=0x3264298) returned 0x0 [0298.448] QueryContextAttributesW (in: phContext=0x3263d18, ulAttribute=0x5a, pBuffer=0x32642d4 | out: pBuffer=0x32642d4) returned 0x0 [0298.448] QueryContextAttributesW (in: phContext=0x3263d18, ulAttribute=0x53, pBuffer=0x3264320 | out: pBuffer=0x3264320) returned 0x0 [0298.449] CertDuplicateCertificateContext (pCertContext=0x9dec48) returned 0x9dec48 [0298.449] CertDuplicateStore (hCertStore=0x570d260) returned 0x570d260 [0298.450] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x0) returned 0x9dea68 [0298.450] CertDuplicateCertificateContext (pCertContext=0x9dea68) returned 0x9dea68 [0298.450] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x9dea68) returned 0x9dec48 [0298.451] CertDuplicateCertificateContext (pCertContext=0x9dec48) returned 0x9dec48 [0298.451] CertEnumCertificatesInStore (hCertStore=0x570d260, pPrevCertContext=0x9dec48) returned 0x0 [0298.451] CertCloseStore (hCertStore=0x570d260, dwFlags=0x0) returned 1 [0298.451] CertFreeCRLContext (pCrlContext=0x9dec48) returned 1 [0298.452] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d4b8 [0298.452] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x9dea68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.452] CertAddCRLLinkToStore (in: hCertStore=0x570d4b8, pCrlContext=0x9dec48, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.453] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e420 [0298.453] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9dec48, pTime=0x73ebb0, hAdditionalStore=0x570d4b8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.454] LocalFree (hMem=0x99e420) returned 0x0 [0298.454] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.455] CertDuplicateCertificateContext (pCertContext=0x9dec48) returned 0x9dec48 [0298.456] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.458] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.458] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.458] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.458] SetLastError (dwErrCode=0x0) [0298.458] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.458] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.458] CertFreeCRLContext (pCrlContext=0x9dec48) returned 1 [0298.459] EncryptMessage (in: phContext=0x3263d18, fQOP=0x0, pMessage=0x3265a44, MessageSeqNo=0x0 | out: pMessage=0x3265a44) returned 0x0 [0298.459] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0298.459] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3264244*), (len=0x4f, buf=0x3265960*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.459] CoTaskMemFree (pv=0x9f3a80) [0298.460] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.460] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.475] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.475] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3265bc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3265bc0, pfQOP=0x0) returned 0x0 [0298.476] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.476] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.476] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.476] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3267654, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3267654, pfQOP=0x0) returned 0x0 [0298.476] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.477] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.477] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3268464, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3268464, pfQOP=0x0) returned 0x0 [0298.477] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.477] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.477] DecryptMessage (in: phContext=0x3263d18, pMessage=0x32696a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32696a0, pfQOP=0x0) returned 0x0 [0298.477] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.477] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.478] DecryptMessage (in: phContext=0x3263d18, pMessage=0x32697b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32697b4, pfQOP=0x0) returned 0x0 [0298.478] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.478] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.478] DecryptMessage (in: phContext=0x3263d18, pMessage=0x326bb18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x326bb18, pfQOP=0x0) returned 0x0 [0298.478] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.478] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.479] DecryptMessage (in: phContext=0x3263d18, pMessage=0x326bc2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x326bc2c, pfQOP=0x0) returned 0x0 [0298.479] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.479] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.479] DecryptMessage (in: phContext=0x3263d18, pMessage=0x326bd40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x326bd40, pfQOP=0x0) returned 0x0 [0298.480] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.480] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.480] DecryptMessage (in: phContext=0x3263d18, pMessage=0x32702dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32702dc, pfQOP=0x0) returned 0x0 [0298.480] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.480] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.480] DecryptMessage (in: phContext=0x3263d18, pMessage=0x32703f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32703f0, pfQOP=0x0) returned 0x0 [0298.480] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.480] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.481] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3270504, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3270504, pfQOP=0x0) returned 0x0 [0298.481] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.481] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0298.481] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3270618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3270618, pfQOP=0x0) returned 0x0 [0298.481] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0298.481] recv (in: s=0x74c, buf=0x2fd5381, len=51, flags=0 | out: buf=0x2fd5381*) returned 51 [0298.482] DecryptMessage (in: phContext=0x3263d18, pMessage=0x3270738, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3270738, pfQOP=0x0) returned 0x0 [0298.482] SetEvent (hEvent=0x4a8) returned 1 [0298.482] QueryContextAttributesW (in: phContext=0x3263d18, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.482] DeleteSecurityContext (phContext=0x3263d18) returned 0x0 [0298.483] shutdown (s=0x74c, how=2) returned 0 [0298.485] closesocket (s=0x74c) returned 0 [0298.491] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743624409922) returned 1 [0298.491] SetEvent (hEvent=0x4a8) returned 1 [0298.493] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.493] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.494] WSAConnect (in: s=0x74c, name=0x3273afc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.504] closesocket (s=0x45c) returned 0 [0298.505] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3273b70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x327405c, pOutput=0x3273ff4, pfContextAttr=0x3273f00, ptsExpiry=0x73ed80 | out: phNewContext=0x327405c, pOutput=0x3273ff4, pfContextAttr=0x3273f00, ptsExpiry=0x73ed80) returned 0x90312 [0298.505] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0298.505] send (s=0x74c, buf=0x3274070*, len=366, flags=0) returned 366 [0298.506] recv (in: s=0x74c, buf=0x3274070, len=5, flags=0 | out: buf=0x3274070*) returned 5 [0298.516] recv (in: s=0x74c, buf=0x3274075, len=59, flags=0 | out: buf=0x3274075*) returned 59 [0298.516] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3273b70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3274264, Reserved2=0x0, phNewContext=0x327405c, pOutput=0x3274278, pfContextAttr=0x3273f00, ptsExpiry=0x73ecdc | out: phNewContext=0x327405c, pOutput=0x3274278, pfContextAttr=0x3273f00, ptsExpiry=0x73ecdc) returned 0x90312 [0298.516] recv (in: s=0x74c, buf=0x3274308, len=5, flags=0 | out: buf=0x3274308*) returned 5 [0298.517] recv (in: s=0x74c, buf=0x3274321, len=1, flags=0 | out: buf=0x3274321*) returned 1 [0298.517] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3273b70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3274394, Reserved2=0x0, phNewContext=0x327405c, pOutput=0x32743a8, pfContextAttr=0x3273f00, ptsExpiry=0x73ec3c | out: phNewContext=0x327405c, pOutput=0x32743a8, pfContextAttr=0x3273f00, ptsExpiry=0x73ec3c) returned 0x90312 [0298.517] recv (in: s=0x74c, buf=0x3274438, len=5, flags=0 | out: buf=0x3274438*) returned 5 [0298.517] recv (in: s=0x74c, buf=0x3274451, len=40, flags=0 | out: buf=0x3274451*) returned 40 [0298.518] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3273b70, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32744ec, Reserved2=0x0, phNewContext=0x327405c, pOutput=0x3274500, pfContextAttr=0x3273f00, ptsExpiry=0x73eb9c | out: phNewContext=0x327405c, pOutput=0x3274500, pfContextAttr=0x3273f00, ptsExpiry=0x73eb9c) returned 0x0 [0298.519] FreeContextBuffer (in: pvContextBuffer=0x9def38 | out: pvContextBuffer=0x9def38) returned 0x0 [0298.519] QueryContextAttributesW (in: phContext=0x327405c, ulAttribute=0x4, pBuffer=0x32745d0 | out: pBuffer=0x32745d0) returned 0x0 [0298.519] QueryContextAttributesW (in: phContext=0x327405c, ulAttribute=0x5a, pBuffer=0x327460c | out: pBuffer=0x327460c) returned 0x0 [0298.519] QueryContextAttributesW (in: phContext=0x327405c, ulAttribute=0x53, pBuffer=0x3274658 | out: pBuffer=0x3274658) returned 0x0 [0298.520] CertDuplicateCertificateContext (pCertContext=0x9df0a8) returned 0x9df0a8 [0298.520] CertDuplicateStore (hCertStore=0x570d080) returned 0x570d080 [0298.520] CertEnumCertificatesInStore (hCertStore=0x570d080, pPrevCertContext=0x0) returned 0x9df2d8 [0298.521] CertDuplicateCertificateContext (pCertContext=0x9df2d8) returned 0x9df2d8 [0298.521] CertEnumCertificatesInStore (hCertStore=0x570d080, pPrevCertContext=0x9df2d8) returned 0x9df0a8 [0298.521] CertDuplicateCertificateContext (pCertContext=0x9df0a8) returned 0x9df0a8 [0298.521] CertEnumCertificatesInStore (hCertStore=0x570d080, pPrevCertContext=0x9df0a8) returned 0x0 [0298.522] CertCloseStore (hCertStore=0x570d080, dwFlags=0x0) returned 1 [0298.522] CertFreeCRLContext (pCrlContext=0x9df0a8) returned 1 [0298.522] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570d2d8 [0298.523] CertAddCRLLinkToStore (in: hCertStore=0x570d2d8, pCrlContext=0x9df2d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.523] CertAddCRLLinkToStore (in: hCertStore=0x570d2d8, pCrlContext=0x9df0a8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.523] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e0c0 [0298.524] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df0a8, pTime=0x73ebb0, hAdditionalStore=0x570d2d8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.524] LocalFree (hMem=0x99e0c0) returned 0x0 [0298.524] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.525] CertDuplicateCertificateContext (pCertContext=0x9df0a8) returned 0x9df0a8 [0298.525] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.526] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.526] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.526] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.526] SetLastError (dwErrCode=0x0) [0298.526] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.526] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.526] CertFreeCRLContext (pCrlContext=0x9df0a8) returned 1 [0298.527] EncryptMessage (in: phContext=0x327405c, fQOP=0x0, pMessage=0x3275d7c, MessageSeqNo=0x0 | out: pMessage=0x3275d7c) returned 0x0 [0298.527] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0298.527] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x327457c*), (len=0x4f, buf=0x3275c98*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.528] CoTaskMemFree (pv=0x9f39a8) [0298.528] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.528] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.545] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.545] DecryptMessage (in: phContext=0x327405c, pMessage=0x3275ef8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3275ef8, pfQOP=0x0) returned 0x0 [0298.546] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.546] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.546] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.546] DecryptMessage (in: phContext=0x327405c, pMessage=0x327798c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x327798c, pfQOP=0x0) returned 0x0 [0298.547] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.547] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.547] DecryptMessage (in: phContext=0x327405c, pMessage=0x327879c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x327879c, pfQOP=0x0) returned 0x0 [0298.547] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.547] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.548] DecryptMessage (in: phContext=0x327405c, pMessage=0x32799d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32799d8, pfQOP=0x0) returned 0x0 [0298.548] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.548] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.548] DecryptMessage (in: phContext=0x327405c, pMessage=0x3279aec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3279aec, pfQOP=0x0) returned 0x0 [0298.549] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.549] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.549] DecryptMessage (in: phContext=0x327405c, pMessage=0x327be50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x327be50, pfQOP=0x0) returned 0x0 [0298.549] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.549] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.550] DecryptMessage (in: phContext=0x327405c, pMessage=0x327bf64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x327bf64, pfQOP=0x0) returned 0x0 [0298.552] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.552] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.552] DecryptMessage (in: phContext=0x327405c, pMessage=0x327c078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x327c078, pfQOP=0x0) returned 0x0 [0298.553] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.553] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.553] DecryptMessage (in: phContext=0x327405c, pMessage=0x3280614, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3280614, pfQOP=0x0) returned 0x0 [0298.553] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.553] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.554] DecryptMessage (in: phContext=0x327405c, pMessage=0x3280734, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3280734, pfQOP=0x0) returned 0x0 [0298.554] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.554] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.554] DecryptMessage (in: phContext=0x327405c, pMessage=0x3280848, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3280848, pfQOP=0x0) returned 0x0 [0298.555] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.555] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0298.555] DecryptMessage (in: phContext=0x327405c, pMessage=0x328095c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x328095c, pfQOP=0x0) returned 0x0 [0298.555] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0298.555] recv (in: s=0x74c, buf=0x2fd93b9, len=51, flags=0 | out: buf=0x2fd93b9*) returned 51 [0298.556] DecryptMessage (in: phContext=0x327405c, pMessage=0x3280a70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3280a70, pfQOP=0x0) returned 0x0 [0298.556] SetEvent (hEvent=0x4a8) returned 1 [0298.556] QueryContextAttributesW (in: phContext=0x327405c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.556] DeleteSecurityContext (phContext=0x327405c) returned 0x0 [0298.559] shutdown (s=0x74c, how=2) returned 0 [0298.560] closesocket (s=0x74c) returned 0 [0298.570] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743632312851) returned 1 [0298.570] SetEvent (hEvent=0x4a8) returned 1 [0298.572] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.573] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.573] WSAConnect (in: s=0x74c, name=0x3283e48*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0298.594] closesocket (s=0x45c) returned 0 [0298.595] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3283ea8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3284394, pOutput=0x328432c, pfContextAttr=0x3284244, ptsExpiry=0x73ed80 | out: phNewContext=0x3284394, pOutput=0x328432c, pfContextAttr=0x3284244, ptsExpiry=0x73ed80) returned 0x90312 [0298.598] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0298.598] send (s=0x74c, buf=0x32843a8*, len=366, flags=0) returned 366 [0298.598] recv (in: s=0x74c, buf=0x32843a8, len=5, flags=0 | out: buf=0x32843a8*) returned 5 [0298.700] recv (in: s=0x74c, buf=0x32843ad, len=59, flags=0 | out: buf=0x32843ad*) returned 59 [0298.701] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3283ea8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x328459c, Reserved2=0x0, phNewContext=0x3284394, pOutput=0x32845b0, pfContextAttr=0x3284244, ptsExpiry=0x73ecdc | out: phNewContext=0x3284394, pOutput=0x32845b0, pfContextAttr=0x3284244, ptsExpiry=0x73ecdc) returned 0x90312 [0298.711] recv (in: s=0x74c, buf=0x3284640, len=5, flags=0 | out: buf=0x3284640*) returned 5 [0298.711] recv (in: s=0x74c, buf=0x3284659, len=1, flags=0 | out: buf=0x3284659*) returned 1 [0298.712] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3283ea8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32846cc, Reserved2=0x0, phNewContext=0x3284394, pOutput=0x32846e0, pfContextAttr=0x3284244, ptsExpiry=0x73ec3c | out: phNewContext=0x3284394, pOutput=0x32846e0, pfContextAttr=0x3284244, ptsExpiry=0x73ec3c) returned 0x90312 [0298.712] recv (in: s=0x74c, buf=0x3284770, len=5, flags=0 | out: buf=0x3284770*) returned 5 [0298.712] recv (in: s=0x74c, buf=0x3284789, len=40, flags=0 | out: buf=0x3284789*) returned 40 [0298.713] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3283ea8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3284824, Reserved2=0x0, phNewContext=0x3284394, pOutput=0x3284838, pfContextAttr=0x3284244, ptsExpiry=0x73eb9c | out: phNewContext=0x3284394, pOutput=0x3284838, pfContextAttr=0x3284244, ptsExpiry=0x73eb9c) returned 0x0 [0298.715] FreeContextBuffer (in: pvContextBuffer=0x9dead8 | out: pvContextBuffer=0x9dead8) returned 0x0 [0298.715] QueryContextAttributesW (in: phContext=0x3284394, ulAttribute=0x4, pBuffer=0x3284908 | out: pBuffer=0x3284908) returned 0x0 [0298.715] QueryContextAttributesW (in: phContext=0x3284394, ulAttribute=0x5a, pBuffer=0x3284944 | out: pBuffer=0x3284944) returned 0x0 [0298.715] QueryContextAttributesW (in: phContext=0x3284394, ulAttribute=0x53, pBuffer=0x3284990 | out: pBuffer=0x3284990) returned 0x0 [0298.717] CertDuplicateCertificateContext (pCertContext=0x9ded88) returned 0x9ded88 [0298.717] CertDuplicateStore (hCertStore=0x570db48) returned 0x570db48 [0298.717] CertEnumCertificatesInStore (hCertStore=0x570db48, pPrevCertContext=0x0) returned 0x9deec8 [0298.718] CertDuplicateCertificateContext (pCertContext=0x9deec8) returned 0x9deec8 [0298.718] CertEnumCertificatesInStore (hCertStore=0x570db48, pPrevCertContext=0x9deec8) returned 0x9ded88 [0298.718] CertDuplicateCertificateContext (pCertContext=0x9ded88) returned 0x9ded88 [0298.719] CertEnumCertificatesInStore (hCertStore=0x570db48, pPrevCertContext=0x9ded88) returned 0x0 [0298.719] CertCloseStore (hCertStore=0x570db48, dwFlags=0x0) returned 1 [0298.719] CertFreeCRLContext (pCrlContext=0x9ded88) returned 1 [0298.720] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570dbc0 [0298.720] CertAddCRLLinkToStore (in: hCertStore=0x570dbc0, pCrlContext=0x9deec8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.720] CertAddCRLLinkToStore (in: hCertStore=0x570dbc0, pCrlContext=0x9ded88, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0298.721] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e6c0 [0298.722] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9ded88, pTime=0x73ebb0, hAdditionalStore=0x570dbc0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0298.731] LocalFree (hMem=0x99e6c0) returned 0x0 [0298.731] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0298.732] CertDuplicateCertificateContext (pCertContext=0x9ded88) returned 0x9ded88 [0298.734] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0298.735] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0298.735] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.735] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0298.735] SetLastError (dwErrCode=0x0) [0298.735] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0298.736] CertFreeCertificateChain (pChainContext=0x9dd700) [0298.736] CertFreeCRLContext (pCrlContext=0x9ded88) returned 1 [0298.737] EncryptMessage (in: phContext=0x3284394, fQOP=0x0, pMessage=0x32860c0, MessageSeqNo=0x0 | out: pMessage=0x32860c0) returned 0x0 [0298.737] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0298.737] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x32848b4*), (len=0x4f, buf=0x3285fdc*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0298.963] CoTaskMemFree (pv=0x9f3948) [0298.963] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0298.963] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.964] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.964] DecryptMessage (in: phContext=0x3284394, pMessage=0x328623c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x328623c, pfQOP=0x0) returned 0x0 [0298.964] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0298.964] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.965] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.965] DecryptMessage (in: phContext=0x3284394, pMessage=0x3287cc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3287cc4, pfQOP=0x0) returned 0x0 [0298.965] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.965] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.965] DecryptMessage (in: phContext=0x3284394, pMessage=0x3288ad4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3288ad4, pfQOP=0x0) returned 0x0 [0298.966] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.966] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.966] DecryptMessage (in: phContext=0x3284394, pMessage=0x3289d10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3289d10, pfQOP=0x0) returned 0x0 [0298.966] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.966] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.966] DecryptMessage (in: phContext=0x3284394, pMessage=0x3289e24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3289e24, pfQOP=0x0) returned 0x0 [0298.967] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.967] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.967] DecryptMessage (in: phContext=0x3284394, pMessage=0x328c188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x328c188, pfQOP=0x0) returned 0x0 [0298.968] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.968] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.968] DecryptMessage (in: phContext=0x3284394, pMessage=0x328c2a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x328c2a8, pfQOP=0x0) returned 0x0 [0298.968] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.969] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.969] DecryptMessage (in: phContext=0x3284394, pMessage=0x328c3bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x328c3bc, pfQOP=0x0) returned 0x0 [0298.970] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.970] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.971] DecryptMessage (in: phContext=0x3284394, pMessage=0x3290958, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3290958, pfQOP=0x0) returned 0x0 [0298.971] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.971] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.971] DecryptMessage (in: phContext=0x3284394, pMessage=0x3290a6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3290a6c, pfQOP=0x0) returned 0x0 [0298.971] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.972] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.972] DecryptMessage (in: phContext=0x3284394, pMessage=0x3290b80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3290b80, pfQOP=0x0) returned 0x0 [0298.972] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.972] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0298.973] DecryptMessage (in: phContext=0x3284394, pMessage=0x3290c94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3290c94, pfQOP=0x0) returned 0x0 [0298.973] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0298.976] recv (in: s=0x74c, buf=0x2fd1349, len=29, flags=0 | out: buf=0x2fd1349*) returned 29 [0298.976] DecryptMessage (in: phContext=0x3284394, pMessage=0x3290da8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3290da8, pfQOP=0x0) returned 0x0 [0298.976] SetEvent (hEvent=0x4a8) returned 1 [0298.977] QueryContextAttributesW (in: phContext=0x3284394, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0298.977] DeleteSecurityContext (phContext=0x3284394) returned 0x0 [0298.978] shutdown (s=0x74c, how=2) returned 0 [0298.978] closesocket (s=0x74c) returned 0 [0298.984] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743673712910) returned 1 [0298.984] SetEvent (hEvent=0x4a8) returned 1 [0298.990] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0298.991] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0298.991] WSAConnect (in: s=0x74c, name=0x3294180*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.001] closesocket (s=0x45c) returned 0 [0299.002] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32941e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32946cc, pOutput=0x3294658, pfContextAttr=0x3294570, ptsExpiry=0x73ed80 | out: phNewContext=0x32946cc, pOutput=0x3294658, pfContextAttr=0x3294570, ptsExpiry=0x73ed80) returned 0x90312 [0299.002] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0299.002] send (s=0x74c, buf=0x32946e0*, len=366, flags=0) returned 366 [0299.005] recv (in: s=0x74c, buf=0x32946e0, len=5, flags=0 | out: buf=0x32946e0*) returned 5 [0299.012] recv (in: s=0x74c, buf=0x32946e5, len=59, flags=0 | out: buf=0x32946e5*) returned 59 [0299.012] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32941e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32948d4, Reserved2=0x0, phNewContext=0x32946cc, pOutput=0x32948e8, pfContextAttr=0x3294570, ptsExpiry=0x73ecdc | out: phNewContext=0x32946cc, pOutput=0x32948e8, pfContextAttr=0x3294570, ptsExpiry=0x73ecdc) returned 0x90312 [0299.012] recv (in: s=0x74c, buf=0x3294978, len=5, flags=0 | out: buf=0x3294978*) returned 5 [0299.012] recv (in: s=0x74c, buf=0x3294991, len=1, flags=0 | out: buf=0x3294991*) returned 1 [0299.013] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32941e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3294a04, Reserved2=0x0, phNewContext=0x32946cc, pOutput=0x3294a18, pfContextAttr=0x3294570, ptsExpiry=0x73ec3c | out: phNewContext=0x32946cc, pOutput=0x3294a18, pfContextAttr=0x3294570, ptsExpiry=0x73ec3c) returned 0x90312 [0299.013] recv (in: s=0x74c, buf=0x3294aa8, len=5, flags=0 | out: buf=0x3294aa8*) returned 5 [0299.013] recv (in: s=0x74c, buf=0x3294ac1, len=40, flags=0 | out: buf=0x3294ac1*) returned 40 [0299.013] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32941e0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3294b5c, Reserved2=0x0, phNewContext=0x32946cc, pOutput=0x3294b70, pfContextAttr=0x3294570, ptsExpiry=0x73eb9c | out: phNewContext=0x32946cc, pOutput=0x3294b70, pfContextAttr=0x3294570, ptsExpiry=0x73eb9c) returned 0x0 [0299.014] FreeContextBuffer (in: pvContextBuffer=0x9df1b8 | out: pvContextBuffer=0x9df1b8) returned 0x0 [0299.014] QueryContextAttributesW (in: phContext=0x32946cc, ulAttribute=0x4, pBuffer=0x3294c40 | out: pBuffer=0x3294c40) returned 0x0 [0299.015] QueryContextAttributesW (in: phContext=0x32946cc, ulAttribute=0x5a, pBuffer=0x3294c7c | out: pBuffer=0x3294c7c) returned 0x0 [0299.015] QueryContextAttributesW (in: phContext=0x32946cc, ulAttribute=0x53, pBuffer=0x3294cc8 | out: pBuffer=0x3294cc8) returned 0x0 [0299.015] CertDuplicateCertificateContext (pCertContext=0x9def68) returned 0x9def68 [0299.016] CertDuplicateStore (hCertStore=0x570d170) returned 0x570d170 [0299.016] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x0) returned 0x9df378 [0299.016] CertDuplicateCertificateContext (pCertContext=0x9df378) returned 0x9df378 [0299.016] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x9df378) returned 0x9def68 [0299.017] CertDuplicateCertificateContext (pCertContext=0x9def68) returned 0x9def68 [0299.017] CertEnumCertificatesInStore (hCertStore=0x570d170, pPrevCertContext=0x9def68) returned 0x0 [0299.017] CertCloseStore (hCertStore=0x570d170, dwFlags=0x0) returned 1 [0299.017] CertFreeCRLContext (pCrlContext=0x9def68) returned 1 [0299.018] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x570df08 [0299.018] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x9df378, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.018] CertAddCRLLinkToStore (in: hCertStore=0x570df08, pCrlContext=0x9def68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.019] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e460 [0299.019] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9def68, pTime=0x73ebb0, hAdditionalStore=0x570df08, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0299.023] LocalFree (hMem=0x99e460) returned 0x0 [0299.023] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0299.023] CertDuplicateCertificateContext (pCertContext=0x9def68) returned 0x9def68 [0299.024] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0299.024] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0299.024] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.024] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0299.025] SetLastError (dwErrCode=0x0) [0299.025] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0299.025] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.025] CertFreeCRLContext (pCrlContext=0x9def68) returned 1 [0299.026] EncryptMessage (in: phContext=0x32946cc, fQOP=0x0, pMessage=0x32963ec, MessageSeqNo=0x0 | out: pMessage=0x32963ec) returned 0x0 [0299.026] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0299.026] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3294bec*), (len=0x4f, buf=0x3296308*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0299.026] CoTaskMemFree (pv=0x9f3a80) [0299.027] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0299.027] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.047] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.047] DecryptMessage (in: phContext=0x32946cc, pMessage=0x3296568, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3296568, pfQOP=0x0) returned 0x0 [0299.047] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0299.048] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.048] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.048] DecryptMessage (in: phContext=0x32946cc, pMessage=0x3297ffc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297ffc, pfQOP=0x0) returned 0x0 [0299.048] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.048] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.049] DecryptMessage (in: phContext=0x32946cc, pMessage=0x3298e0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298e0c, pfQOP=0x0) returned 0x0 [0299.049] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.049] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.049] DecryptMessage (in: phContext=0x32946cc, pMessage=0x329a048, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a048, pfQOP=0x0) returned 0x0 [0299.049] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.049] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.049] DecryptMessage (in: phContext=0x32946cc, pMessage=0x329a15c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329a15c, pfQOP=0x0) returned 0x0 [0299.050] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.050] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.051] DecryptMessage (in: phContext=0x32946cc, pMessage=0x329c4c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c4c0, pfQOP=0x0) returned 0x0 [0299.051] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.051] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.051] DecryptMessage (in: phContext=0x32946cc, pMessage=0x329c5d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c5d4, pfQOP=0x0) returned 0x0 [0299.051] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.051] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.051] DecryptMessage (in: phContext=0x32946cc, pMessage=0x329c6e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329c6e8, pfQOP=0x0) returned 0x0 [0299.052] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.052] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.052] DecryptMessage (in: phContext=0x32946cc, pMessage=0x32a0c84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a0c84, pfQOP=0x0) returned 0x0 [0299.052] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.053] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.053] DecryptMessage (in: phContext=0x32946cc, pMessage=0x32a0da4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a0da4, pfQOP=0x0) returned 0x0 [0299.053] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.053] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.053] DecryptMessage (in: phContext=0x32946cc, pMessage=0x32a0eb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a0eb8, pfQOP=0x0) returned 0x0 [0299.053] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.054] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0299.054] DecryptMessage (in: phContext=0x32946cc, pMessage=0x32a0fcc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a0fcc, pfQOP=0x0) returned 0x0 [0299.054] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0299.054] recv (in: s=0x74c, buf=0x2fc52a1, len=51, flags=0 | out: buf=0x2fc52a1*) returned 51 [0299.054] DecryptMessage (in: phContext=0x32946cc, pMessage=0x32a10e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a10e0, pfQOP=0x0) returned 0x0 [0299.054] SetEvent (hEvent=0x4a8) returned 1 [0299.055] QueryContextAttributesW (in: phContext=0x32946cc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0299.055] DeleteSecurityContext (phContext=0x32946cc) returned 0x0 [0299.101] shutdown (s=0x74c, how=2) returned 0 [0299.102] closesocket (s=0x74c) returned 0 [0299.109] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743686210862) returned 1 [0299.109] SetEvent (hEvent=0x4a8) returned 1 [0299.115] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0299.116] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0299.116] WSAConnect (in: s=0x74c, name=0x32a44c4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.126] closesocket (s=0x45c) returned 0 [0299.129] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32a4524, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32a4a04, pOutput=0x32a499c, pfContextAttr=0x32a48b4, ptsExpiry=0x73ed80 | out: phNewContext=0x32a4a04, pOutput=0x32a499c, pfContextAttr=0x32a48b4, ptsExpiry=0x73ed80) returned 0x90312 [0299.130] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0299.130] send (s=0x74c, buf=0x32a4a18*, len=366, flags=0) returned 366 [0299.131] recv (in: s=0x74c, buf=0x32a4a18, len=5, flags=0 | out: buf=0x32a4a18*) returned 5 [0299.139] recv (in: s=0x74c, buf=0x32a4a1d, len=59, flags=0 | out: buf=0x32a4a1d*) returned 59 [0299.139] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32a4524, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4c0c, Reserved2=0x0, phNewContext=0x32a4a04, pOutput=0x32a4c20, pfContextAttr=0x32a48b4, ptsExpiry=0x73ecdc | out: phNewContext=0x32a4a04, pOutput=0x32a4c20, pfContextAttr=0x32a48b4, ptsExpiry=0x73ecdc) returned 0x90312 [0299.140] recv (in: s=0x74c, buf=0x32a4cb0, len=5, flags=0 | out: buf=0x32a4cb0*) returned 5 [0299.140] recv (in: s=0x74c, buf=0x32a4cc9, len=1, flags=0 | out: buf=0x32a4cc9*) returned 1 [0299.140] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32a4524, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4d3c, Reserved2=0x0, phNewContext=0x32a4a04, pOutput=0x32a4d50, pfContextAttr=0x32a48b4, ptsExpiry=0x73ec3c | out: phNewContext=0x32a4a04, pOutput=0x32a4d50, pfContextAttr=0x32a48b4, ptsExpiry=0x73ec3c) returned 0x90312 [0299.141] recv (in: s=0x74c, buf=0x32a4de0, len=5, flags=0 | out: buf=0x32a4de0*) returned 5 [0299.141] recv (in: s=0x74c, buf=0x32a4df9, len=40, flags=0 | out: buf=0x32a4df9*) returned 40 [0299.141] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32a4524, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4e94, Reserved2=0x0, phNewContext=0x32a4a04, pOutput=0x32a4ea8, pfContextAttr=0x32a48b4, ptsExpiry=0x73eb9c | out: phNewContext=0x32a4a04, pOutput=0x32a4ea8, pfContextAttr=0x32a48b4, ptsExpiry=0x73eb9c) returned 0x0 [0299.146] FreeContextBuffer (in: pvContextBuffer=0x9df1b8 | out: pvContextBuffer=0x9df1b8) returned 0x0 [0299.146] QueryContextAttributesW (in: phContext=0x32a4a04, ulAttribute=0x4, pBuffer=0x32a4f78 | out: pBuffer=0x32a4f78) returned 0x0 [0299.146] QueryContextAttributesW (in: phContext=0x32a4a04, ulAttribute=0x5a, pBuffer=0x32a4fb4 | out: pBuffer=0x32a4fb4) returned 0x0 [0299.146] QueryContextAttributesW (in: phContext=0x32a4a04, ulAttribute=0x53, pBuffer=0x32a5000 | out: pBuffer=0x32a5000) returned 0x0 [0299.147] CertDuplicateCertificateContext (pCertContext=0x9dee28) returned 0x9dee28 [0299.148] CertDuplicateStore (hCertStore=0x92f758) returned 0x92f758 [0299.148] CertEnumCertificatesInStore (hCertStore=0x92f758, pPrevCertContext=0x0) returned 0x9ded38 [0299.148] CertDuplicateCertificateContext (pCertContext=0x9ded38) returned 0x9ded38 [0299.148] CertEnumCertificatesInStore (hCertStore=0x92f758, pPrevCertContext=0x9ded38) returned 0x9dee28 [0299.149] CertDuplicateCertificateContext (pCertContext=0x9dee28) returned 0x9dee28 [0299.149] CertEnumCertificatesInStore (hCertStore=0x92f758, pPrevCertContext=0x9dee28) returned 0x0 [0299.149] CertCloseStore (hCertStore=0x92f758, dwFlags=0x0) returned 1 [0299.149] CertFreeCRLContext (pCrlContext=0x9dee28) returned 1 [0299.150] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92f7d0 [0299.150] CertAddCRLLinkToStore (in: hCertStore=0x92f7d0, pCrlContext=0x9ded38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.150] CertAddCRLLinkToStore (in: hCertStore=0x92f7d0, pCrlContext=0x9dee28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.151] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e540 [0299.151] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9dee28, pTime=0x73ebb0, hAdditionalStore=0x92f7d0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0299.151] LocalFree (hMem=0x99e540) returned 0x0 [0299.152] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0299.152] CertDuplicateCertificateContext (pCertContext=0x9dee28) returned 0x9dee28 [0299.153] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0299.153] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0299.153] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.153] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0299.153] SetLastError (dwErrCode=0x0) [0299.153] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0299.155] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.155] CertFreeCRLContext (pCrlContext=0x9dee28) returned 1 [0299.155] EncryptMessage (in: phContext=0x32a4a04, fQOP=0x0, pMessage=0x32a6730, MessageSeqNo=0x0 | out: pMessage=0x32a6730) returned 0x0 [0299.155] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0299.155] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32a4f24*), (len=0x4f, buf=0x32a664c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0299.161] CoTaskMemFree (pv=0x9f39a8) [0299.161] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0299.161] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.173] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.173] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32a68ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a68ac, pfQOP=0x0) returned 0x0 [0299.173] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0299.174] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.174] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.174] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32a8340, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a8340, pfQOP=0x0) returned 0x0 [0299.174] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.174] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.174] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32a9144, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a9144, pfQOP=0x0) returned 0x0 [0299.175] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.175] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.175] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32aa38c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32aa38c, pfQOP=0x0) returned 0x0 [0299.176] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.176] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.176] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32aa4a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32aa4a0, pfQOP=0x0) returned 0x0 [0299.176] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.176] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.177] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32ac804, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ac804, pfQOP=0x0) returned 0x0 [0299.177] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.177] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.177] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32ac918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ac918, pfQOP=0x0) returned 0x0 [0299.177] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.177] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.177] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32aca2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32aca2c, pfQOP=0x0) returned 0x0 [0299.179] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.179] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.179] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32b0fc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b0fc8, pfQOP=0x0) returned 0x0 [0299.179] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.179] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.179] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32b10dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b10dc, pfQOP=0x0) returned 0x0 [0299.179] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.179] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.180] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32b11f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b11f0, pfQOP=0x0) returned 0x0 [0299.180] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.180] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0299.180] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32b1304, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b1304, pfQOP=0x0) returned 0x0 [0299.180] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0299.180] recv (in: s=0x74c, buf=0x2fc92d9, len=29, flags=0 | out: buf=0x2fc92d9*) returned 29 [0299.180] DecryptMessage (in: phContext=0x32a4a04, pMessage=0x32b1418, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b1418, pfQOP=0x0) returned 0x0 [0299.181] SetEvent (hEvent=0x4a8) returned 1 [0299.181] QueryContextAttributesW (in: phContext=0x32a4a04, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0299.181] DeleteSecurityContext (phContext=0x32a4a04) returned 0x0 [0299.182] shutdown (s=0x74c, how=2) returned 0 [0299.182] closesocket (s=0x74c) returned 0 [0299.192] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743694514266) returned 1 [0299.192] SetEvent (hEvent=0x4a8) returned 1 [0299.197] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0299.198] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0299.198] WSAConnect (in: s=0x74c, name=0x32b48a8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.209] closesocket (s=0x45c) returned 0 [0299.210] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32b4908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32b4de8, pOutput=0x32b4d80, pfContextAttr=0x32b4c98, ptsExpiry=0x73ed80 | out: phNewContext=0x32b4de8, pOutput=0x32b4d80, pfContextAttr=0x32b4c98, ptsExpiry=0x73ed80) returned 0x90312 [0299.211] FreeContextBuffer (in: pvContextBuffer=0x5726a68 | out: pvContextBuffer=0x5726a68) returned 0x0 [0299.211] send (s=0x74c, buf=0x32b4dfc*, len=366, flags=0) returned 366 [0299.211] recv (in: s=0x74c, buf=0x32b4dfc, len=5, flags=0 | out: buf=0x32b4dfc*) returned 5 [0299.233] recv (in: s=0x74c, buf=0x32b4e01, len=59, flags=0 | out: buf=0x32b4e01*) returned 59 [0299.233] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32b4908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b4ff0, Reserved2=0x0, phNewContext=0x32b4de8, pOutput=0x32b5004, pfContextAttr=0x32b4c98, ptsExpiry=0x73ecdc | out: phNewContext=0x32b4de8, pOutput=0x32b5004, pfContextAttr=0x32b4c98, ptsExpiry=0x73ecdc) returned 0x90312 [0299.233] recv (in: s=0x74c, buf=0x32b5094, len=5, flags=0 | out: buf=0x32b5094*) returned 5 [0299.233] recv (in: s=0x74c, buf=0x32b50ad, len=1, flags=0 | out: buf=0x32b50ad*) returned 1 [0299.234] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32b4908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b5120, Reserved2=0x0, phNewContext=0x32b4de8, pOutput=0x32b5134, pfContextAttr=0x32b4c98, ptsExpiry=0x73ec3c | out: phNewContext=0x32b4de8, pOutput=0x32b5134, pfContextAttr=0x32b4c98, ptsExpiry=0x73ec3c) returned 0x90312 [0299.234] recv (in: s=0x74c, buf=0x32b51c4, len=5, flags=0 | out: buf=0x32b51c4*) returned 5 [0299.234] recv (in: s=0x74c, buf=0x32b51dd, len=40, flags=0 | out: buf=0x32b51dd*) returned 40 [0299.234] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32b4908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b5278, Reserved2=0x0, phNewContext=0x32b4de8, pOutput=0x32b528c, pfContextAttr=0x32b4c98, ptsExpiry=0x73eb9c | out: phNewContext=0x32b4de8, pOutput=0x32b528c, pfContextAttr=0x32b4c98, ptsExpiry=0x73eb9c) returned 0x0 [0299.238] FreeContextBuffer (in: pvContextBuffer=0x9de9e8 | out: pvContextBuffer=0x9de9e8) returned 0x0 [0299.238] QueryContextAttributesW (in: phContext=0x32b4de8, ulAttribute=0x4, pBuffer=0x32b535c | out: pBuffer=0x32b535c) returned 0x0 [0299.238] QueryContextAttributesW (in: phContext=0x32b4de8, ulAttribute=0x5a, pBuffer=0x32b5398 | out: pBuffer=0x32b5398) returned 0x0 [0299.238] QueryContextAttributesW (in: phContext=0x32b4de8, ulAttribute=0x53, pBuffer=0x32b53e4 | out: pBuffer=0x32b53e4) returned 0x0 [0299.238] CertDuplicateCertificateContext (pCertContext=0x9df198) returned 0x9df198 [0299.239] CertDuplicateStore (hCertStore=0x92fcf8) returned 0x92fcf8 [0299.239] CertEnumCertificatesInStore (hCertStore=0x92fcf8, pPrevCertContext=0x0) returned 0x9df3c8 [0299.239] CertDuplicateCertificateContext (pCertContext=0x9df3c8) returned 0x9df3c8 [0299.239] CertEnumCertificatesInStore (hCertStore=0x92fcf8, pPrevCertContext=0x9df3c8) returned 0x9df198 [0299.240] CertDuplicateCertificateContext (pCertContext=0x9df198) returned 0x9df198 [0299.240] CertEnumCertificatesInStore (hCertStore=0x92fcf8, pPrevCertContext=0x9df198) returned 0x0 [0299.240] CertCloseStore (hCertStore=0x92fcf8, dwFlags=0x0) returned 1 [0299.240] CertFreeCRLContext (pCrlContext=0x9df198) returned 1 [0299.241] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92f848 [0299.241] CertAddCRLLinkToStore (in: hCertStore=0x92f848, pCrlContext=0x9df3c8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.241] CertAddCRLLinkToStore (in: hCertStore=0x92f848, pCrlContext=0x9df198, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.242] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9ca960 [0299.242] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df198, pTime=0x73ebb0, hAdditionalStore=0x92f848, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0299.242] LocalFree (hMem=0x9ca960) returned 0x0 [0299.243] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0299.243] CertDuplicateCertificateContext (pCertContext=0x9df198) returned 0x9df198 [0299.244] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0299.244] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0299.244] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.244] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0299.244] SetLastError (dwErrCode=0x0) [0299.244] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0299.245] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.245] CertFreeCRLContext (pCrlContext=0x9df198) returned 1 [0299.245] EncryptMessage (in: phContext=0x32b4de8, fQOP=0x0, pMessage=0x32b6b14, MessageSeqNo=0x0 | out: pMessage=0x32b6b14) returned 0x0 [0299.246] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0299.246] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32b5308*), (len=0x4f, buf=0x32b6a30*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0299.246] CoTaskMemFree (pv=0x9f39a8) [0299.246] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0299.246] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.268] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.268] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32b6c90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b6c90, pfQOP=0x0) returned 0x0 [0299.269] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0299.269] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.269] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.270] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32b8724, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b8724, pfQOP=0x0) returned 0x0 [0299.270] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.270] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.270] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32b9528, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b9528, pfQOP=0x0) returned 0x0 [0299.270] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.271] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.271] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32ba770, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ba770, pfQOP=0x0) returned 0x0 [0299.271] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.271] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.271] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32ba884, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ba884, pfQOP=0x0) returned 0x0 [0299.272] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.272] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.272] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32bcbe8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bcbe8, pfQOP=0x0) returned 0x0 [0299.272] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.272] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.272] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32bccfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bccfc, pfQOP=0x0) returned 0x0 [0299.272] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.273] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.273] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32bce10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bce10, pfQOP=0x0) returned 0x0 [0299.274] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.274] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.274] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32c13ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c13ac, pfQOP=0x0) returned 0x0 [0299.274] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.274] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.275] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32c14c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c14c0, pfQOP=0x0) returned 0x0 [0299.275] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.275] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.275] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32c15d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c15d4, pfQOP=0x0) returned 0x0 [0299.275] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.275] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0299.275] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32c16e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c16e8, pfQOP=0x0) returned 0x0 [0299.275] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0299.276] recv (in: s=0x74c, buf=0x2fe1429, len=51, flags=0 | out: buf=0x2fe1429*) returned 51 [0299.276] DecryptMessage (in: phContext=0x32b4de8, pMessage=0x32c17fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c17fc, pfQOP=0x0) returned 0x0 [0299.276] SetEvent (hEvent=0x4a8) returned 1 [0299.276] QueryContextAttributesW (in: phContext=0x32b4de8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0299.276] DeleteSecurityContext (phContext=0x32b4de8) returned 0x0 [0299.280] shutdown (s=0x74c, how=2) returned 0 [0299.281] closesocket (s=0x74c) returned 0 [0299.287] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743704029203) returned 1 [0299.290] SetEvent (hEvent=0x4a8) returned 1 [0299.292] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0299.293] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0299.293] WSAConnect (in: s=0x74c, name=0x32c4c80*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.303] closesocket (s=0x45c) returned 0 [0299.305] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32c4ce0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32c51cc, pOutput=0x32c5164, pfContextAttr=0x32c507c, ptsExpiry=0x73ed80 | out: phNewContext=0x32c51cc, pOutput=0x32c5164, pfContextAttr=0x32c507c, ptsExpiry=0x73ed80) returned 0x90312 [0299.306] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0299.306] send (s=0x74c, buf=0x32c51e0*, len=366, flags=0) returned 366 [0299.307] recv (in: s=0x74c, buf=0x32c51e0, len=5, flags=0 | out: buf=0x32c51e0*) returned 5 [0299.351] recv (in: s=0x74c, buf=0x32c51e5, len=59, flags=0 | out: buf=0x32c51e5*) returned 59 [0299.351] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32c4ce0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c53d4, Reserved2=0x0, phNewContext=0x32c51cc, pOutput=0x32c53e8, pfContextAttr=0x32c507c, ptsExpiry=0x73ecdc | out: phNewContext=0x32c51cc, pOutput=0x32c53e8, pfContextAttr=0x32c507c, ptsExpiry=0x73ecdc) returned 0x90312 [0299.352] recv (in: s=0x74c, buf=0x32c5478, len=5, flags=0 | out: buf=0x32c5478*) returned 5 [0299.352] recv (in: s=0x74c, buf=0x32c5491, len=1, flags=0 | out: buf=0x32c5491*) returned 1 [0299.352] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32c4ce0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c5504, Reserved2=0x0, phNewContext=0x32c51cc, pOutput=0x32c5518, pfContextAttr=0x32c507c, ptsExpiry=0x73ec3c | out: phNewContext=0x32c51cc, pOutput=0x32c5518, pfContextAttr=0x32c507c, ptsExpiry=0x73ec3c) returned 0x90312 [0299.352] recv (in: s=0x74c, buf=0x32c55a8, len=5, flags=0 | out: buf=0x32c55a8*) returned 5 [0299.353] recv (in: s=0x74c, buf=0x32c55c1, len=40, flags=0 | out: buf=0x32c55c1*) returned 40 [0299.353] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32c4ce0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c565c, Reserved2=0x0, phNewContext=0x32c51cc, pOutput=0x32c5670, pfContextAttr=0x32c507c, ptsExpiry=0x73eb9c | out: phNewContext=0x32c51cc, pOutput=0x32c5670, pfContextAttr=0x32c507c, ptsExpiry=0x73eb9c) returned 0x0 [0299.424] FreeContextBuffer (in: pvContextBuffer=0x9de9e8 | out: pvContextBuffer=0x9de9e8) returned 0x0 [0299.424] QueryContextAttributesW (in: phContext=0x32c51cc, ulAttribute=0x4, pBuffer=0x32c5740 | out: pBuffer=0x32c5740) returned 0x0 [0299.425] QueryContextAttributesW (in: phContext=0x32c51cc, ulAttribute=0x5a, pBuffer=0x32c577c | out: pBuffer=0x32c577c) returned 0x0 [0299.429] QueryContextAttributesW (in: phContext=0x32c51cc, ulAttribute=0x53, pBuffer=0x32c57c8 | out: pBuffer=0x32c57c8) returned 0x0 [0299.430] CertDuplicateCertificateContext (pCertContext=0x9df058) returned 0x9df058 [0299.431] CertDuplicateStore (hCertStore=0x92fc08) returned 0x92fc08 [0299.431] CertEnumCertificatesInStore (hCertStore=0x92fc08, pPrevCertContext=0x0) returned 0x9df0f8 [0299.431] CertDuplicateCertificateContext (pCertContext=0x9df0f8) returned 0x9df0f8 [0299.431] CertEnumCertificatesInStore (hCertStore=0x92fc08, pPrevCertContext=0x9df0f8) returned 0x9df058 [0299.432] CertDuplicateCertificateContext (pCertContext=0x9df058) returned 0x9df058 [0299.432] CertEnumCertificatesInStore (hCertStore=0x92fc08, pPrevCertContext=0x9df058) returned 0x0 [0299.432] CertCloseStore (hCertStore=0x92fc08, dwFlags=0x0) returned 1 [0299.432] CertFreeCRLContext (pCrlContext=0x9df058) returned 1 [0299.433] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92fc80 [0299.433] CertAddCRLLinkToStore (in: hCertStore=0x92fc80, pCrlContext=0x9df0f8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.434] CertAddCRLLinkToStore (in: hCertStore=0x92fc80, pCrlContext=0x9df058, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.434] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9caa40 [0299.435] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df058, pTime=0x73ebb0, hAdditionalStore=0x92fc80, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0299.435] LocalFree (hMem=0x9caa40) returned 0x0 [0299.435] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0299.436] CertDuplicateCertificateContext (pCertContext=0x9df058) returned 0x9df058 [0299.436] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0299.437] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0299.437] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.437] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0299.437] SetLastError (dwErrCode=0x0) [0299.437] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0299.437] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.438] CertFreeCRLContext (pCrlContext=0x9df058) returned 1 [0299.438] EncryptMessage (in: phContext=0x32c51cc, fQOP=0x0, pMessage=0x32c6ef8, MessageSeqNo=0x0 | out: pMessage=0x32c6ef8) returned 0x0 [0299.438] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0299.439] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32c56ec*), (len=0x4f, buf=0x32c6e14*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0299.439] CoTaskMemFree (pv=0x9f39a8) [0299.440] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0299.440] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.850] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.850] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32c7074, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c7074, pfQOP=0x0) returned 0x0 [0299.850] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0299.851] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.851] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.851] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32c8afc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c8afc, pfQOP=0x0) returned 0x0 [0299.851] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.851] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.852] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32c990c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c990c, pfQOP=0x0) returned 0x0 [0299.852] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.852] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.852] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32cab48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32cab48, pfQOP=0x0) returned 0x0 [0299.852] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.852] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.852] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32cac5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32cac5c, pfQOP=0x0) returned 0x0 [0299.853] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.853] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.853] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32ccfc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ccfc0, pfQOP=0x0) returned 0x0 [0299.854] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.854] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.854] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32cd0e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32cd0e0, pfQOP=0x0) returned 0x0 [0299.854] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.854] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.854] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32cd1f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32cd1f4, pfQOP=0x0) returned 0x0 [0299.856] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.856] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.856] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32d1790, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1790, pfQOP=0x0) returned 0x0 [0299.856] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.856] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.856] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32d18a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d18a4, pfQOP=0x0) returned 0x0 [0299.856] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.856] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.857] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32d19b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d19b8, pfQOP=0x0) returned 0x0 [0299.857] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.857] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0299.857] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32d1acc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1acc, pfQOP=0x0) returned 0x0 [0299.857] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0299.857] recv (in: s=0x74c, buf=0x2fc1269, len=29, flags=0 | out: buf=0x2fc1269*) returned 29 [0299.857] DecryptMessage (in: phContext=0x32c51cc, pMessage=0x32d1be0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1be0, pfQOP=0x0) returned 0x0 [0299.858] SetEvent (hEvent=0x4a8) returned 1 [0299.858] QueryContextAttributesW (in: phContext=0x32c51cc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0299.859] DeleteSecurityContext (phContext=0x32c51cc) returned 0x0 [0299.860] shutdown (s=0x74c, how=2) returned 0 [0299.860] closesocket (s=0x74c) returned 0 [0299.870] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743762357324) returned 1 [0299.871] SetEvent (hEvent=0x4a8) returned 1 [0299.874] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0299.875] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0299.876] WSAConnect (in: s=0x74c, name=0x32d5018*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.887] closesocket (s=0x45c) returned 0 [0299.889] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32d5078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32d5564, pOutput=0x32d54fc, pfContextAttr=0x32d5408, ptsExpiry=0x73ed80 | out: phNewContext=0x32d5564, pOutput=0x32d54fc, pfContextAttr=0x32d5408, ptsExpiry=0x73ed80) returned 0x90312 [0299.889] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0299.890] send (s=0x74c, buf=0x32d5578*, len=366, flags=0) returned 366 [0299.890] recv (in: s=0x74c, buf=0x32d5578, len=5, flags=0 | out: buf=0x32d5578*) returned 5 [0299.899] recv (in: s=0x74c, buf=0x32d557d, len=59, flags=0 | out: buf=0x32d557d*) returned 59 [0299.900] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32d5078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d576c, Reserved2=0x0, phNewContext=0x32d5564, pOutput=0x32d5780, pfContextAttr=0x32d5408, ptsExpiry=0x73ecdc | out: phNewContext=0x32d5564, pOutput=0x32d5780, pfContextAttr=0x32d5408, ptsExpiry=0x73ecdc) returned 0x90312 [0299.900] recv (in: s=0x74c, buf=0x32d5810, len=5, flags=0 | out: buf=0x32d5810*) returned 5 [0299.901] recv (in: s=0x74c, buf=0x32d5829, len=1, flags=0 | out: buf=0x32d5829*) returned 1 [0299.901] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32d5078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d589c, Reserved2=0x0, phNewContext=0x32d5564, pOutput=0x32d58b0, pfContextAttr=0x32d5408, ptsExpiry=0x73ec3c | out: phNewContext=0x32d5564, pOutput=0x32d58b0, pfContextAttr=0x32d5408, ptsExpiry=0x73ec3c) returned 0x90312 [0299.901] recv (in: s=0x74c, buf=0x32d5940, len=5, flags=0 | out: buf=0x32d5940*) returned 5 [0299.901] recv (in: s=0x74c, buf=0x32d5959, len=40, flags=0 | out: buf=0x32d5959*) returned 40 [0299.902] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32d5078, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d59f4, Reserved2=0x0, phNewContext=0x32d5564, pOutput=0x32d5a08, pfContextAttr=0x32d5408, ptsExpiry=0x73eb9c | out: phNewContext=0x32d5564, pOutput=0x32d5a08, pfContextAttr=0x32d5408, ptsExpiry=0x73eb9c) returned 0x0 [0299.903] FreeContextBuffer (in: pvContextBuffer=0x9df1b8 | out: pvContextBuffer=0x9df1b8) returned 0x0 [0299.903] QueryContextAttributesW (in: phContext=0x32d5564, ulAttribute=0x4, pBuffer=0x32d5ad8 | out: pBuffer=0x32d5ad8) returned 0x0 [0299.903] QueryContextAttributesW (in: phContext=0x32d5564, ulAttribute=0x5a, pBuffer=0x32d5b14 | out: pBuffer=0x32d5b14) returned 0x0 [0299.904] QueryContextAttributesW (in: phContext=0x32d5564, ulAttribute=0x53, pBuffer=0x32d5b60 | out: pBuffer=0x32d5b60) returned 0x0 [0299.904] CertDuplicateCertificateContext (pCertContext=0x9df1e8) returned 0x9df1e8 [0299.905] CertDuplicateStore (hCertStore=0x92f9b0) returned 0x92f9b0 [0299.905] CertEnumCertificatesInStore (hCertStore=0x92f9b0, pPrevCertContext=0x0) returned 0x9df288 [0299.905] CertDuplicateCertificateContext (pCertContext=0x9df288) returned 0x9df288 [0299.905] CertEnumCertificatesInStore (hCertStore=0x92f9b0, pPrevCertContext=0x9df288) returned 0x9df1e8 [0299.906] CertDuplicateCertificateContext (pCertContext=0x9df1e8) returned 0x9df1e8 [0299.906] CertEnumCertificatesInStore (hCertStore=0x92f9b0, pPrevCertContext=0x9df1e8) returned 0x0 [0299.906] CertCloseStore (hCertStore=0x92f9b0, dwFlags=0x0) returned 1 [0299.906] CertFreeCRLContext (pCrlContext=0x9df1e8) returned 1 [0299.907] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92f8c0 [0299.907] CertAddCRLLinkToStore (in: hCertStore=0x92f8c0, pCrlContext=0x9df288, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.907] CertAddCRLLinkToStore (in: hCertStore=0x92f8c0, pCrlContext=0x9df1e8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0299.908] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9caa60 [0299.908] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9df1e8, pTime=0x73ebb0, hAdditionalStore=0x92f8c0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0299.908] LocalFree (hMem=0x9caa60) returned 0x0 [0299.908] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0299.909] CertDuplicateCertificateContext (pCertContext=0x9df1e8) returned 0x9df1e8 [0299.910] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0299.910] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0299.910] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.910] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0299.912] SetLastError (dwErrCode=0x0) [0299.913] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0299.913] CertFreeCertificateChain (pChainContext=0x9dd700) [0299.913] CertFreeCRLContext (pCrlContext=0x9df1e8) returned 1 [0299.913] EncryptMessage (in: phContext=0x32d5564, fQOP=0x0, pMessage=0x32d7284, MessageSeqNo=0x0 | out: pMessage=0x32d7284) returned 0x0 [0299.914] CoTaskMemAlloc (cb=0x10) returned 0x9f39d8 [0299.914] WSASend (in: s=0x74c, lpBuffers=0x9f39d8*=((len=0x33, buf=0x32d5a84*), (len=0x4f, buf=0x32d71a0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0299.914] CoTaskMemFree (pv=0x9f39d8) [0299.914] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0299.914] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.932] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.932] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32d7400, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d7400, pfQOP=0x0) returned 0x0 [0299.932] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0299.933] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.933] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.933] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32d8e94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d8e94, pfQOP=0x0) returned 0x0 [0299.933] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.934] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.934] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32d9ca4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d9ca4, pfQOP=0x0) returned 0x0 [0299.934] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.934] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.934] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32daee0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32daee0, pfQOP=0x0) returned 0x0 [0299.934] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.934] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.935] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32daff4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32daff4, pfQOP=0x0) returned 0x0 [0299.935] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.935] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.935] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32dd358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dd358, pfQOP=0x0) returned 0x0 [0299.936] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.936] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.936] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32dd46c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dd46c, pfQOP=0x0) returned 0x0 [0299.936] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.936] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.936] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32dd580, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dd580, pfQOP=0x0) returned 0x0 [0299.937] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.937] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.937] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32e1b1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1b1c, pfQOP=0x0) returned 0x0 [0299.937] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.938] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.938] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32e1c3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1c3c, pfQOP=0x0) returned 0x0 [0299.938] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.938] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.938] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32e1d50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1d50, pfQOP=0x0) returned 0x0 [0299.938] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.938] recv (in: s=0x74c, buf=0x2fdd3f1, len=1393, flags=0 | out: buf=0x2fdd3f1*) returned 1393 [0299.938] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32e1e64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1e64, pfQOP=0x0) returned 0x0 [0299.939] recv (in: s=0x74c, buf=0x2fdd3ec, len=5, flags=0 | out: buf=0x2fdd3ec*) returned 5 [0299.939] recv (in: s=0x74c, buf=0x2fdd3f1, len=51, flags=0 | out: buf=0x2fdd3f1*) returned 51 [0299.940] DecryptMessage (in: phContext=0x32d5564, pMessage=0x32e1f78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1f78, pfQOP=0x0) returned 0x0 [0299.940] SetEvent (hEvent=0x4a8) returned 1 [0299.940] QueryContextAttributesW (in: phContext=0x32d5564, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0299.945] DeleteSecurityContext (phContext=0x32d5564) returned 0x0 [0299.945] shutdown (s=0x74c, how=2) returned 0 [0299.946] closesocket (s=0x74c) returned 0 [0299.951] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743770423045) returned 1 [0299.980] SetEvent (hEvent=0x4a8) returned 1 [0299.982] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0299.982] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0299.983] WSAConnect (in: s=0x74c, name=0x32e53d0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0299.998] closesocket (s=0x45c) returned 0 [0299.999] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32e541c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32e58fc, pOutput=0x32e5894, pfContextAttr=0x32e57ac, ptsExpiry=0x73ed80 | out: phNewContext=0x32e58fc, pOutput=0x32e5894, pfContextAttr=0x32e57ac, ptsExpiry=0x73ed80) returned 0x90312 [0299.999] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0299.999] send (s=0x74c, buf=0x32e5910*, len=366, flags=0) returned 366 [0300.000] recv (in: s=0x74c, buf=0x32e5910, len=5, flags=0 | out: buf=0x32e5910*) returned 5 [0300.008] recv (in: s=0x74c, buf=0x32e5915, len=59, flags=0 | out: buf=0x32e5915*) returned 59 [0300.009] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32e541c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e5b04, Reserved2=0x0, phNewContext=0x32e58fc, pOutput=0x32e5b18, pfContextAttr=0x32e57ac, ptsExpiry=0x73ecdc | out: phNewContext=0x32e58fc, pOutput=0x32e5b18, pfContextAttr=0x32e57ac, ptsExpiry=0x73ecdc) returned 0x90312 [0300.009] recv (in: s=0x74c, buf=0x32e5ba8, len=5, flags=0 | out: buf=0x32e5ba8*) returned 5 [0300.009] recv (in: s=0x74c, buf=0x32e5bc1, len=1, flags=0 | out: buf=0x32e5bc1*) returned 1 [0300.009] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32e541c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e5c34, Reserved2=0x0, phNewContext=0x32e58fc, pOutput=0x32e5c48, pfContextAttr=0x32e57ac, ptsExpiry=0x73ec3c | out: phNewContext=0x32e58fc, pOutput=0x32e5c48, pfContextAttr=0x32e57ac, ptsExpiry=0x73ec3c) returned 0x90312 [0300.010] recv (in: s=0x74c, buf=0x32e5cd8, len=5, flags=0 | out: buf=0x32e5cd8*) returned 5 [0300.010] recv (in: s=0x74c, buf=0x32e5cf1, len=40, flags=0 | out: buf=0x32e5cf1*) returned 40 [0300.010] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32e541c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e5d8c, Reserved2=0x0, phNewContext=0x32e58fc, pOutput=0x32e5da0, pfContextAttr=0x32e57ac, ptsExpiry=0x73eb9c | out: phNewContext=0x32e58fc, pOutput=0x32e5da0, pfContextAttr=0x32e57ac, ptsExpiry=0x73eb9c) returned 0x0 [0300.011] FreeContextBuffer (in: pvContextBuffer=0x571e2c8 | out: pvContextBuffer=0x571e2c8) returned 0x0 [0300.011] QueryContextAttributesW (in: phContext=0x32e58fc, ulAttribute=0x4, pBuffer=0x32e5e70 | out: pBuffer=0x32e5e70) returned 0x0 [0300.011] QueryContextAttributesW (in: phContext=0x32e58fc, ulAttribute=0x5a, pBuffer=0x32e5eac | out: pBuffer=0x32e5eac) returned 0x0 [0300.011] QueryContextAttributesW (in: phContext=0x32e58fc, ulAttribute=0x53, pBuffer=0x32e5ef8 | out: pBuffer=0x32e5ef8) returned 0x0 [0300.012] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0300.012] CertDuplicateStore (hCertStore=0x92fd70) returned 0x92fd70 [0300.013] CertEnumCertificatesInStore (hCertStore=0x92fd70, pPrevCertContext=0x0) returned 0x571e2a8 [0300.013] CertDuplicateCertificateContext (pCertContext=0x571e2a8) returned 0x571e2a8 [0300.013] CertEnumCertificatesInStore (hCertStore=0x92fd70, pPrevCertContext=0x571e2a8) returned 0x571dc68 [0300.014] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0300.014] CertEnumCertificatesInStore (hCertStore=0x92fd70, pPrevCertContext=0x571dc68) returned 0x0 [0300.014] CertCloseStore (hCertStore=0x92fd70, dwFlags=0x0) returned 1 [0300.014] CertFreeCRLContext (pCrlContext=0x571dc68) returned 1 [0300.014] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92fa28 [0300.015] CertAddCRLLinkToStore (in: hCertStore=0x92fa28, pCrlContext=0x571e2a8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.015] CertAddCRLLinkToStore (in: hCertStore=0x92fa28, pCrlContext=0x571dc68, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.015] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9cab20 [0300.016] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dc68, pTime=0x73ebb0, hAdditionalStore=0x92fa28, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.016] LocalFree (hMem=0x9cab20) returned 0x0 [0300.016] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0300.017] CertDuplicateCertificateContext (pCertContext=0x571dc68) returned 0x571dc68 [0300.017] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.018] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.018] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.018] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.018] SetLastError (dwErrCode=0x0) [0300.018] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.018] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.018] CertFreeCRLContext (pCrlContext=0x571dc68) returned 1 [0300.024] EncryptMessage (in: phContext=0x32e58fc, fQOP=0x0, pMessage=0x32e7628, MessageSeqNo=0x0 | out: pMessage=0x32e7628) returned 0x0 [0300.024] CoTaskMemAlloc (cb=0x10) returned 0x9f3ac8 [0300.024] WSASend (in: s=0x74c, lpBuffers=0x9f3ac8*=((len=0x33, buf=0x32e5e1c*), (len=0x4f, buf=0x32e7544*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.025] CoTaskMemFree (pv=0x9f3ac8) [0300.025] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.025] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.044] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.044] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32e77a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e77a4, pfQOP=0x0) returned 0x0 [0300.045] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.045] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.045] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.045] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32e9238, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e9238, pfQOP=0x0) returned 0x0 [0300.046] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.046] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.046] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32ea048, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ea048, pfQOP=0x0) returned 0x0 [0300.046] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.046] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.047] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32eb284, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32eb284, pfQOP=0x0) returned 0x0 [0300.047] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.047] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.047] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32eb398, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32eb398, pfQOP=0x0) returned 0x0 [0300.048] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.048] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.048] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32ed6fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed6fc, pfQOP=0x0) returned 0x0 [0300.048] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.048] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.048] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32ed810, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed810, pfQOP=0x0) returned 0x0 [0300.048] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.048] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.049] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32ed924, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed924, pfQOP=0x0) returned 0x0 [0300.051] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.051] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.052] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32f1ec0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1ec0, pfQOP=0x0) returned 0x0 [0300.052] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.052] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.052] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32f1fd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1fd4, pfQOP=0x0) returned 0x0 [0300.052] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.052] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.053] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32f20e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f20e8, pfQOP=0x0) returned 0x0 [0300.053] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.053] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0300.053] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32f21fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f21fc, pfQOP=0x0) returned 0x0 [0300.053] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0300.053] recv (in: s=0x74c, buf=0x2f8a0a1, len=28, flags=0 | out: buf=0x2f8a0a1*) returned 28 [0300.053] DecryptMessage (in: phContext=0x32e58fc, pMessage=0x32f2310, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f2310, pfQOP=0x0) returned 0x0 [0300.054] SetEvent (hEvent=0x4a8) returned 1 [0300.054] QueryContextAttributesW (in: phContext=0x32e58fc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.054] DeleteSecurityContext (phContext=0x32e58fc) returned 0x0 [0300.055] shutdown (s=0x74c, how=2) returned 0 [0300.056] closesocket (s=0x74c) returned 0 [0300.063] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743781634125) returned 1 [0300.063] SetEvent (hEvent=0x4a8) returned 1 [0300.065] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.067] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.067] WSAConnect (in: s=0x74c, name=0x32f5768*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.077] closesocket (s=0x45c) returned 0 [0300.078] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32f57b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32f5c94, pOutput=0x32f5c2c, pfContextAttr=0x32f5b44, ptsExpiry=0x73ed80 | out: phNewContext=0x32f5c94, pOutput=0x32f5c2c, pfContextAttr=0x32f5b44, ptsExpiry=0x73ed80) returned 0x90312 [0300.078] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0300.078] send (s=0x74c, buf=0x32f5ca8*, len=366, flags=0) returned 366 [0300.079] recv (in: s=0x74c, buf=0x32f5ca8, len=5, flags=0 | out: buf=0x32f5ca8*) returned 5 [0300.087] recv (in: s=0x74c, buf=0x32f5cad, len=59, flags=0 | out: buf=0x32f5cad*) returned 59 [0300.087] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32f57b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f5e9c, Reserved2=0x0, phNewContext=0x32f5c94, pOutput=0x32f5eb0, pfContextAttr=0x32f5b44, ptsExpiry=0x73ecdc | out: phNewContext=0x32f5c94, pOutput=0x32f5eb0, pfContextAttr=0x32f5b44, ptsExpiry=0x73ecdc) returned 0x90312 [0300.088] recv (in: s=0x74c, buf=0x32f5f40, len=5, flags=0 | out: buf=0x32f5f40*) returned 5 [0300.088] recv (in: s=0x74c, buf=0x32f5f59, len=1, flags=0 | out: buf=0x32f5f59*) returned 1 [0300.088] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32f57b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f5fcc, Reserved2=0x0, phNewContext=0x32f5c94, pOutput=0x32f5fe0, pfContextAttr=0x32f5b44, ptsExpiry=0x73ec3c | out: phNewContext=0x32f5c94, pOutput=0x32f5fe0, pfContextAttr=0x32f5b44, ptsExpiry=0x73ec3c) returned 0x90312 [0300.088] recv (in: s=0x74c, buf=0x32f6070, len=5, flags=0 | out: buf=0x32f6070*) returned 5 [0300.088] recv (in: s=0x74c, buf=0x32f6089, len=40, flags=0 | out: buf=0x32f6089*) returned 40 [0300.089] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32f57b4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f6124, Reserved2=0x0, phNewContext=0x32f5c94, pOutput=0x32f6138, pfContextAttr=0x32f5b44, ptsExpiry=0x73eb9c | out: phNewContext=0x32f5c94, pOutput=0x32f6138, pfContextAttr=0x32f5b44, ptsExpiry=0x73eb9c) returned 0x0 [0300.090] FreeContextBuffer (in: pvContextBuffer=0x571de68 | out: pvContextBuffer=0x571de68) returned 0x0 [0300.090] QueryContextAttributesW (in: phContext=0x32f5c94, ulAttribute=0x4, pBuffer=0x32f6208 | out: pBuffer=0x32f6208) returned 0x0 [0300.090] QueryContextAttributesW (in: phContext=0x32f5c94, ulAttribute=0x5a, pBuffer=0x32f6244 | out: pBuffer=0x32f6244) returned 0x0 [0300.090] QueryContextAttributesW (in: phContext=0x32f5c94, ulAttribute=0x53, pBuffer=0x32f6290 | out: pBuffer=0x32f6290) returned 0x0 [0300.091] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0300.091] CertDuplicateStore (hCertStore=0x92fde8) returned 0x92fde8 [0300.091] CertEnumCertificatesInStore (hCertStore=0x92fde8, pPrevCertContext=0x0) returned 0x571e348 [0300.092] CertDuplicateCertificateContext (pCertContext=0x571e348) returned 0x571e348 [0300.092] CertEnumCertificatesInStore (hCertStore=0x92fde8, pPrevCertContext=0x571e348) returned 0x571dad8 [0300.092] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0300.092] CertEnumCertificatesInStore (hCertStore=0x92fde8, pPrevCertContext=0x571dad8) returned 0x0 [0300.092] CertCloseStore (hCertStore=0x92fde8, dwFlags=0x0) returned 1 [0300.092] CertFreeCRLContext (pCrlContext=0x571dad8) returned 1 [0300.094] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92f6e0 [0300.094] CertAddCRLLinkToStore (in: hCertStore=0x92f6e0, pCrlContext=0x571e348, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.094] CertAddCRLLinkToStore (in: hCertStore=0x92f6e0, pCrlContext=0x571dad8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.095] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9ca900 [0300.095] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dad8, pTime=0x73ebb0, hAdditionalStore=0x92f6e0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.095] LocalFree (hMem=0x9ca900) returned 0x0 [0300.095] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0300.096] CertDuplicateCertificateContext (pCertContext=0x571dad8) returned 0x571dad8 [0300.096] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.101] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.101] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.101] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.101] SetLastError (dwErrCode=0x0) [0300.101] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.101] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.101] CertFreeCRLContext (pCrlContext=0x571dad8) returned 1 [0300.102] EncryptMessage (in: phContext=0x32f5c94, fQOP=0x0, pMessage=0x32f79c0, MessageSeqNo=0x0 | out: pMessage=0x32f79c0) returned 0x0 [0300.102] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0300.102] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x32f61b4*), (len=0x4f, buf=0x32f78dc*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.103] CoTaskMemFree (pv=0x9f3948) [0300.103] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.103] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.119] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.120] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32f7b3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f7b3c, pfQOP=0x0) returned 0x0 [0300.120] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.120] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.121] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.121] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32f95d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f95d0, pfQOP=0x0) returned 0x0 [0300.121] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.121] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.121] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fa3d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fa3d4, pfQOP=0x0) returned 0x0 [0300.122] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.122] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.122] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fb61c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fb61c, pfQOP=0x0) returned 0x0 [0300.122] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.122] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.122] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fb730, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fb730, pfQOP=0x0) returned 0x0 [0300.123] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.123] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.123] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fda94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fda94, pfQOP=0x0) returned 0x0 [0300.123] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.123] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.124] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fdba8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fdba8, pfQOP=0x0) returned 0x0 [0300.124] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.124] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.124] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x32fdcbc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fdcbc, pfQOP=0x0) returned 0x0 [0300.125] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.125] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.126] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x3302258, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3302258, pfQOP=0x0) returned 0x0 [0300.126] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.126] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.126] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x330236c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330236c, pfQOP=0x0) returned 0x0 [0300.126] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.126] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.127] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x3302480, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3302480, pfQOP=0x0) returned 0x0 [0300.127] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.127] recv (in: s=0x74c, buf=0x2f7dff9, len=1393, flags=0 | out: buf=0x2f7dff9*) returned 1393 [0300.127] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x3302594, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3302594, pfQOP=0x0) returned 0x0 [0300.127] recv (in: s=0x74c, buf=0x2f7dff4, len=5, flags=0 | out: buf=0x2f7dff4*) returned 5 [0300.127] recv (in: s=0x74c, buf=0x2f7dff9, len=51, flags=0 | out: buf=0x2f7dff9*) returned 51 [0300.127] DecryptMessage (in: phContext=0x32f5c94, pMessage=0x33026a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33026a8, pfQOP=0x0) returned 0x0 [0300.128] SetEvent (hEvent=0x4a8) returned 1 [0300.129] QueryContextAttributesW (in: phContext=0x32f5c94, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.131] DeleteSecurityContext (phContext=0x32f5c94) returned 0x0 [0300.132] shutdown (s=0x74c, how=2) returned 0 [0300.132] closesocket (s=0x74c) returned 0 [0300.137] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743789054447) returned 1 [0300.138] SetEvent (hEvent=0x4a8) returned 1 [0300.139] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.140] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.140] WSAConnect (in: s=0x74c, name=0x3305aec*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.153] closesocket (s=0x45c) returned 0 [0300.156] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3305b4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x330602c, pOutput=0x3305fc4, pfContextAttr=0x3305edc, ptsExpiry=0x73ed80 | out: phNewContext=0x330602c, pOutput=0x3305fc4, pfContextAttr=0x3305edc, ptsExpiry=0x73ed80) returned 0x90312 [0300.156] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0300.156] send (s=0x74c, buf=0x3306040*, len=366, flags=0) returned 366 [0300.157] recv (in: s=0x74c, buf=0x3306040, len=5, flags=0 | out: buf=0x3306040*) returned 5 [0300.166] recv (in: s=0x74c, buf=0x3306045, len=59, flags=0 | out: buf=0x3306045*) returned 59 [0300.166] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3305b4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3306234, Reserved2=0x0, phNewContext=0x330602c, pOutput=0x3306248, pfContextAttr=0x3305edc, ptsExpiry=0x73ecdc | out: phNewContext=0x330602c, pOutput=0x3306248, pfContextAttr=0x3305edc, ptsExpiry=0x73ecdc) returned 0x90312 [0300.167] recv (in: s=0x74c, buf=0x33062d8, len=5, flags=0 | out: buf=0x33062d8*) returned 5 [0300.167] recv (in: s=0x74c, buf=0x33062f1, len=1, flags=0 | out: buf=0x33062f1*) returned 1 [0300.167] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3305b4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3306364, Reserved2=0x0, phNewContext=0x330602c, pOutput=0x3306378, pfContextAttr=0x3305edc, ptsExpiry=0x73ec3c | out: phNewContext=0x330602c, pOutput=0x3306378, pfContextAttr=0x3305edc, ptsExpiry=0x73ec3c) returned 0x90312 [0300.168] recv (in: s=0x74c, buf=0x3306408, len=5, flags=0 | out: buf=0x3306408*) returned 5 [0300.168] recv (in: s=0x74c, buf=0x3306421, len=40, flags=0 | out: buf=0x3306421*) returned 40 [0300.168] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3305b4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33064bc, Reserved2=0x0, phNewContext=0x330602c, pOutput=0x33064d0, pfContextAttr=0x3305edc, ptsExpiry=0x73eb9c | out: phNewContext=0x330602c, pOutput=0x33064d0, pfContextAttr=0x3305edc, ptsExpiry=0x73eb9c) returned 0x0 [0300.170] FreeContextBuffer (in: pvContextBuffer=0x571deb8 | out: pvContextBuffer=0x571deb8) returned 0x0 [0300.170] QueryContextAttributesW (in: phContext=0x330602c, ulAttribute=0x4, pBuffer=0x33065a0 | out: pBuffer=0x33065a0) returned 0x0 [0300.170] QueryContextAttributesW (in: phContext=0x330602c, ulAttribute=0x5a, pBuffer=0x33065dc | out: pBuffer=0x33065dc) returned 0x0 [0300.170] QueryContextAttributesW (in: phContext=0x330602c, ulAttribute=0x53, pBuffer=0x3306628 | out: pBuffer=0x3306628) returned 0x0 [0300.171] CertDuplicateCertificateContext (pCertContext=0x571e0c8) returned 0x571e0c8 [0300.171] CertDuplicateStore (hCertStore=0x92f938) returned 0x92f938 [0300.171] CertEnumCertificatesInStore (hCertStore=0x92f938, pPrevCertContext=0x0) returned 0x571de98 [0300.171] CertDuplicateCertificateContext (pCertContext=0x571de98) returned 0x571de98 [0300.172] CertEnumCertificatesInStore (hCertStore=0x92f938, pPrevCertContext=0x571de98) returned 0x571e0c8 [0300.172] CertDuplicateCertificateContext (pCertContext=0x571e0c8) returned 0x571e0c8 [0300.172] CertEnumCertificatesInStore (hCertStore=0x92f938, pPrevCertContext=0x571e0c8) returned 0x0 [0300.172] CertCloseStore (hCertStore=0x92f938, dwFlags=0x0) returned 1 [0300.172] CertFreeCRLContext (pCrlContext=0x571e0c8) returned 1 [0300.173] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92faa0 [0300.173] CertAddCRLLinkToStore (in: hCertStore=0x92faa0, pCrlContext=0x571de98, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.173] CertAddCRLLinkToStore (in: hCertStore=0x92faa0, pCrlContext=0x571e0c8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.174] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9ca9e0 [0300.174] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e0c8, pTime=0x73ebb0, hAdditionalStore=0x92faa0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.178] LocalFree (hMem=0x9ca9e0) returned 0x0 [0300.178] CertDuplicateCertificateChain (pChainContext=0x9dd700) returned 0x9dd700 [0300.179] CertDuplicateCertificateContext (pCertContext=0x571e0c8) returned 0x571e0c8 [0300.180] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.180] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.180] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.180] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9dd700, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.180] SetLastError (dwErrCode=0x0) [0300.180] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9dd700, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.181] CertFreeCertificateChain (pChainContext=0x9dd700) [0300.181] CertFreeCRLContext (pCrlContext=0x571e0c8) returned 1 [0300.181] EncryptMessage (in: phContext=0x330602c, fQOP=0x0, pMessage=0x3307d58, MessageSeqNo=0x0 | out: pMessage=0x3307d58) returned 0x0 [0300.181] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0300.181] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x330654c*), (len=0x4f, buf=0x3307c74*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.220] CoTaskMemFree (pv=0x9f39a8) [0300.220] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.221] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.221] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.221] DecryptMessage (in: phContext=0x330602c, pMessage=0x3307ed4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3307ed4, pfQOP=0x0) returned 0x0 [0300.510] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.510] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.510] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.510] DecryptMessage (in: phContext=0x330602c, pMessage=0x3309968, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3309968, pfQOP=0x0) returned 0x0 [0300.511] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.511] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.511] DecryptMessage (in: phContext=0x330602c, pMessage=0x330a76c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330a76c, pfQOP=0x0) returned 0x0 [0300.511] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.511] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.512] DecryptMessage (in: phContext=0x330602c, pMessage=0x330b9b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330b9b4, pfQOP=0x0) returned 0x0 [0300.512] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.512] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.512] DecryptMessage (in: phContext=0x330602c, pMessage=0x330bac8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330bac8, pfQOP=0x0) returned 0x0 [0300.512] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.513] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.513] DecryptMessage (in: phContext=0x330602c, pMessage=0x330de2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330de2c, pfQOP=0x0) returned 0x0 [0300.513] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.513] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.513] DecryptMessage (in: phContext=0x330602c, pMessage=0x330df40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330df40, pfQOP=0x0) returned 0x0 [0300.513] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.513] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.513] DecryptMessage (in: phContext=0x330602c, pMessage=0x330e054, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330e054, pfQOP=0x0) returned 0x0 [0300.515] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.515] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.515] DecryptMessage (in: phContext=0x330602c, pMessage=0x33125f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33125f0, pfQOP=0x0) returned 0x0 [0300.515] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.517] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.518] DecryptMessage (in: phContext=0x330602c, pMessage=0x3312704, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312704, pfQOP=0x0) returned 0x0 [0300.518] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.518] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.518] DecryptMessage (in: phContext=0x330602c, pMessage=0x3312818, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312818, pfQOP=0x0) returned 0x0 [0300.518] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.518] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0300.518] DecryptMessage (in: phContext=0x330602c, pMessage=0x331292c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331292c, pfQOP=0x0) returned 0x0 [0300.519] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0300.519] recv (in: s=0x74c, buf=0x2f82031, len=51, flags=0 | out: buf=0x2f82031*) returned 51 [0300.519] DecryptMessage (in: phContext=0x330602c, pMessage=0x3312a40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312a40, pfQOP=0x0) returned 0x0 [0300.520] SetEvent (hEvent=0x4a8) returned 1 [0300.520] QueryContextAttributesW (in: phContext=0x330602c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.521] DeleteSecurityContext (phContext=0x330602c) returned 0x0 [0300.522] shutdown (s=0x74c, how=2) returned 0 [0300.523] closesocket (s=0x74c) returned 0 [0300.529] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743828187928) returned 1 [0300.529] SetEvent (hEvent=0x4a8) returned 1 [0300.532] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.533] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.534] WSAConnect (in: s=0x74c, name=0x3315e58*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.545] closesocket (s=0x45c) returned 0 [0300.546] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3315eb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3316398, pOutput=0x3316330, pfContextAttr=0x3316248, ptsExpiry=0x73ed80 | out: phNewContext=0x3316398, pOutput=0x3316330, pfContextAttr=0x3316248, ptsExpiry=0x73ed80) returned 0x90312 [0300.547] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0300.547] send (s=0x74c, buf=0x33163ac*, len=366, flags=0) returned 366 [0300.548] recv (in: s=0x74c, buf=0x33163ac, len=5, flags=0 | out: buf=0x33163ac*) returned 5 [0300.556] recv (in: s=0x74c, buf=0x33163b1, len=59, flags=0 | out: buf=0x33163b1*) returned 59 [0300.556] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3315eb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33165a0, Reserved2=0x0, phNewContext=0x3316398, pOutput=0x33165b4, pfContextAttr=0x3316248, ptsExpiry=0x73ecdc | out: phNewContext=0x3316398, pOutput=0x33165b4, pfContextAttr=0x3316248, ptsExpiry=0x73ecdc) returned 0x90312 [0300.557] recv (in: s=0x74c, buf=0x3316644, len=5, flags=0 | out: buf=0x3316644*) returned 5 [0300.557] recv (in: s=0x74c, buf=0x331665d, len=1, flags=0 | out: buf=0x331665d*) returned 1 [0300.557] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3315eb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33166d0, Reserved2=0x0, phNewContext=0x3316398, pOutput=0x33166e4, pfContextAttr=0x3316248, ptsExpiry=0x73ec3c | out: phNewContext=0x3316398, pOutput=0x33166e4, pfContextAttr=0x3316248, ptsExpiry=0x73ec3c) returned 0x90312 [0300.558] recv (in: s=0x74c, buf=0x3316774, len=5, flags=0 | out: buf=0x3316774*) returned 5 [0300.558] recv (in: s=0x74c, buf=0x331678d, len=40, flags=0 | out: buf=0x331678d*) returned 40 [0300.558] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3315eb8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3316828, Reserved2=0x0, phNewContext=0x3316398, pOutput=0x331683c, pfContextAttr=0x3316248, ptsExpiry=0x73eb9c | out: phNewContext=0x3316398, pOutput=0x331683c, pfContextAttr=0x3316248, ptsExpiry=0x73eb9c) returned 0x0 [0300.560] FreeContextBuffer (in: pvContextBuffer=0x571df58 | out: pvContextBuffer=0x571df58) returned 0x0 [0300.560] QueryContextAttributesW (in: phContext=0x3316398, ulAttribute=0x4, pBuffer=0x331690c | out: pBuffer=0x331690c) returned 0x0 [0300.560] QueryContextAttributesW (in: phContext=0x3316398, ulAttribute=0x5a, pBuffer=0x3316948 | out: pBuffer=0x3316948) returned 0x0 [0300.560] QueryContextAttributesW (in: phContext=0x3316398, ulAttribute=0x53, pBuffer=0x3316994 | out: pBuffer=0x3316994) returned 0x0 [0300.561] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0300.561] CertDuplicateStore (hCertStore=0x92fb18) returned 0x92fb18 [0300.561] CertEnumCertificatesInStore (hCertStore=0x92fb18, pPrevCertContext=0x0) returned 0x571db28 [0300.562] CertDuplicateCertificateContext (pCertContext=0x571db28) returned 0x571db28 [0300.562] CertEnumCertificatesInStore (hCertStore=0x92fb18, pPrevCertContext=0x571db28) returned 0x571da38 [0300.562] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0300.562] CertEnumCertificatesInStore (hCertStore=0x92fb18, pPrevCertContext=0x571da38) returned 0x0 [0300.562] CertCloseStore (hCertStore=0x92fb18, dwFlags=0x0) returned 1 [0300.562] CertFreeCRLContext (pCrlContext=0x571da38) returned 1 [0300.563] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x92fb90 [0300.563] CertAddCRLLinkToStore (in: hCertStore=0x92fb90, pCrlContext=0x571db28, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.564] CertAddCRLLinkToStore (in: hCertStore=0x92fb90, pCrlContext=0x571da38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.564] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9caa60 [0300.565] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571da38, pTime=0x73ebb0, hAdditionalStore=0x92fb90, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.565] LocalFree (hMem=0x9caa60) returned 0x0 [0300.568] CertDuplicateCertificateChain (pChainContext=0x9e20c0) returned 0x9e20c0 [0300.569] CertDuplicateCertificateContext (pCertContext=0x571da38) returned 0x571da38 [0300.569] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.570] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.570] CertFreeCertificateChain (pChainContext=0x9e20c0) [0300.570] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e20c0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.570] SetLastError (dwErrCode=0x0) [0300.570] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e20c0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.571] CertFreeCertificateChain (pChainContext=0x9e20c0) [0300.571] CertFreeCRLContext (pCrlContext=0x571da38) returned 1 [0300.571] EncryptMessage (in: phContext=0x3316398, fQOP=0x0, pMessage=0x33180c4, MessageSeqNo=0x0 | out: pMessage=0x33180c4) returned 0x0 [0300.572] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0300.572] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x33168b8*), (len=0x4f, buf=0x3317fe0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.572] CoTaskMemFree (pv=0x9f3a80) [0300.572] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.572] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.595] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.595] DecryptMessage (in: phContext=0x3316398, pMessage=0x3318240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3318240, pfQOP=0x0) returned 0x0 [0300.596] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.596] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.596] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.596] DecryptMessage (in: phContext=0x3316398, pMessage=0x3319cd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3319cd4, pfQOP=0x0) returned 0x0 [0300.596] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.596] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.596] DecryptMessage (in: phContext=0x3316398, pMessage=0x331aad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331aad8, pfQOP=0x0) returned 0x0 [0300.599] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.599] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.599] DecryptMessage (in: phContext=0x3316398, pMessage=0x331bd20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331bd20, pfQOP=0x0) returned 0x0 [0300.599] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.599] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.601] DecryptMessage (in: phContext=0x3316398, pMessage=0x331be34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331be34, pfQOP=0x0) returned 0x0 [0300.601] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.602] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.602] DecryptMessage (in: phContext=0x3316398, pMessage=0x331e198, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331e198, pfQOP=0x0) returned 0x0 [0300.602] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.602] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.602] DecryptMessage (in: phContext=0x3316398, pMessage=0x331e2ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331e2ac, pfQOP=0x0) returned 0x0 [0300.602] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.602] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.602] DecryptMessage (in: phContext=0x3316398, pMessage=0x331e3c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331e3c0, pfQOP=0x0) returned 0x0 [0300.604] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.604] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.604] DecryptMessage (in: phContext=0x3316398, pMessage=0x332295c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332295c, pfQOP=0x0) returned 0x0 [0300.604] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.604] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.605] DecryptMessage (in: phContext=0x3316398, pMessage=0x3322a70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322a70, pfQOP=0x0) returned 0x0 [0300.605] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.605] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.605] DecryptMessage (in: phContext=0x3316398, pMessage=0x3322b84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322b84, pfQOP=0x0) returned 0x0 [0300.605] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.605] recv (in: s=0x74c, buf=0x2fa9119, len=1393, flags=0 | out: buf=0x2fa9119*) returned 1393 [0300.605] DecryptMessage (in: phContext=0x3316398, pMessage=0x3322c98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322c98, pfQOP=0x0) returned 0x0 [0300.606] recv (in: s=0x74c, buf=0x2fa9114, len=5, flags=0 | out: buf=0x2fa9114*) returned 5 [0300.606] recv (in: s=0x74c, buf=0x2fa9119, len=51, flags=0 | out: buf=0x2fa9119*) returned 51 [0300.606] DecryptMessage (in: phContext=0x3316398, pMessage=0x3322dac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322dac, pfQOP=0x0) returned 0x0 [0300.606] SetEvent (hEvent=0x4a8) returned 1 [0300.606] QueryContextAttributesW (in: phContext=0x3316398, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.607] DeleteSecurityContext (phContext=0x3316398) returned 0x0 [0300.609] shutdown (s=0x74c, how=2) returned 0 [0300.609] closesocket (s=0x74c) returned 0 [0300.624] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743837697332) returned 1 [0300.624] SetEvent (hEvent=0x4a8) returned 1 [0300.627] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.629] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.630] WSAConnect (in: s=0x74c, name=0x33261c4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.640] closesocket (s=0x45c) returned 0 [0300.641] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3326224, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3326704, pOutput=0x332669c, pfContextAttr=0x33265b4, ptsExpiry=0x73ed80 | out: phNewContext=0x3326704, pOutput=0x332669c, pfContextAttr=0x33265b4, ptsExpiry=0x73ed80) returned 0x90312 [0300.641] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0300.642] send (s=0x74c, buf=0x3326718*, len=366, flags=0) returned 366 [0300.642] recv (in: s=0x74c, buf=0x3326718, len=5, flags=0 | out: buf=0x3326718*) returned 5 [0300.760] recv (in: s=0x74c, buf=0x332671d, len=59, flags=0 | out: buf=0x332671d*) returned 59 [0300.760] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3326224, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x332690c, Reserved2=0x0, phNewContext=0x3326704, pOutput=0x3326920, pfContextAttr=0x33265b4, ptsExpiry=0x73ecdc | out: phNewContext=0x3326704, pOutput=0x3326920, pfContextAttr=0x33265b4, ptsExpiry=0x73ecdc) returned 0x90312 [0300.760] recv (in: s=0x74c, buf=0x33269b0, len=5, flags=0 | out: buf=0x33269b0*) returned 5 [0300.760] recv (in: s=0x74c, buf=0x33269c9, len=1, flags=0 | out: buf=0x33269c9*) returned 1 [0300.761] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3326224, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3326a3c, Reserved2=0x0, phNewContext=0x3326704, pOutput=0x3326a50, pfContextAttr=0x33265b4, ptsExpiry=0x73ec3c | out: phNewContext=0x3326704, pOutput=0x3326a50, pfContextAttr=0x33265b4, ptsExpiry=0x73ec3c) returned 0x90312 [0300.761] recv (in: s=0x74c, buf=0x3326ae0, len=5, flags=0 | out: buf=0x3326ae0*) returned 5 [0300.761] recv (in: s=0x74c, buf=0x3326af9, len=40, flags=0 | out: buf=0x3326af9*) returned 40 [0300.761] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3326224, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3326b94, Reserved2=0x0, phNewContext=0x3326704, pOutput=0x3326ba8, pfContextAttr=0x33265b4, ptsExpiry=0x73eb9c | out: phNewContext=0x3326704, pOutput=0x3326ba8, pfContextAttr=0x33265b4, ptsExpiry=0x73eb9c) returned 0x0 [0300.763] FreeContextBuffer (in: pvContextBuffer=0x571dd28 | out: pvContextBuffer=0x571dd28) returned 0x0 [0300.763] QueryContextAttributesW (in: phContext=0x3326704, ulAttribute=0x4, pBuffer=0x3326c78 | out: pBuffer=0x3326c78) returned 0x0 [0300.763] QueryContextAttributesW (in: phContext=0x3326704, ulAttribute=0x5a, pBuffer=0x3326cb4 | out: pBuffer=0x3326cb4) returned 0x0 [0300.763] QueryContextAttributesW (in: phContext=0x3326704, ulAttribute=0x53, pBuffer=0x3326d00 | out: pBuffer=0x3326d00) returned 0x0 [0300.763] CertDuplicateCertificateContext (pCertContext=0x571e208) returned 0x571e208 [0300.764] CertDuplicateStore (hCertStore=0x9bbd88) returned 0x9bbd88 [0300.764] CertEnumCertificatesInStore (hCertStore=0x9bbd88, pPrevCertContext=0x0) returned 0x571df38 [0300.764] CertDuplicateCertificateContext (pCertContext=0x571df38) returned 0x571df38 [0300.764] CertEnumCertificatesInStore (hCertStore=0x9bbd88, pPrevCertContext=0x571df38) returned 0x571e208 [0300.765] CertDuplicateCertificateContext (pCertContext=0x571e208) returned 0x571e208 [0300.765] CertEnumCertificatesInStore (hCertStore=0x9bbd88, pPrevCertContext=0x571e208) returned 0x0 [0300.765] CertCloseStore (hCertStore=0x9bbd88, dwFlags=0x0) returned 1 [0300.765] CertFreeCRLContext (pCrlContext=0x571e208) returned 1 [0300.766] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbb30 [0300.766] CertAddCRLLinkToStore (in: hCertStore=0x9bbb30, pCrlContext=0x571df38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.766] CertAddCRLLinkToStore (in: hCertStore=0x9bbb30, pCrlContext=0x571e208, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.767] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x571b460 [0300.767] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e208, pTime=0x73ebb0, hAdditionalStore=0x9bbb30, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.768] LocalFree (hMem=0x571b460) returned 0x0 [0300.768] CertDuplicateCertificateChain (pChainContext=0x9e2d60) returned 0x9e2d60 [0300.768] CertDuplicateCertificateContext (pCertContext=0x571e208) returned 0x571e208 [0300.769] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.772] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.772] CertFreeCertificateChain (pChainContext=0x9e2d60) [0300.772] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2d60, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.772] SetLastError (dwErrCode=0x0) [0300.772] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2d60, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.773] CertFreeCertificateChain (pChainContext=0x9e2d60) [0300.773] CertFreeCRLContext (pCrlContext=0x571e208) returned 1 [0300.774] EncryptMessage (in: phContext=0x3326704, fQOP=0x0, pMessage=0x3328430, MessageSeqNo=0x0 | out: pMessage=0x3328430) returned 0x0 [0300.774] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0300.774] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x3326c24*), (len=0x4f, buf=0x332834c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.774] CoTaskMemFree (pv=0x9f39a8) [0300.774] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.775] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.812] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.813] DecryptMessage (in: phContext=0x3326704, pMessage=0x33285ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33285ac, pfQOP=0x0) returned 0x0 [0300.815] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.815] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.815] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.815] DecryptMessage (in: phContext=0x3326704, pMessage=0x332a040, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332a040, pfQOP=0x0) returned 0x0 [0300.816] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.817] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.817] DecryptMessage (in: phContext=0x3326704, pMessage=0x332ae44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332ae44, pfQOP=0x0) returned 0x0 [0300.817] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.817] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.818] DecryptMessage (in: phContext=0x3326704, pMessage=0x332c08c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332c08c, pfQOP=0x0) returned 0x0 [0300.818] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.818] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.818] DecryptMessage (in: phContext=0x3326704, pMessage=0x332c1a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332c1a0, pfQOP=0x0) returned 0x0 [0300.818] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.819] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.819] DecryptMessage (in: phContext=0x3326704, pMessage=0x332e504, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332e504, pfQOP=0x0) returned 0x0 [0300.819] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.819] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.819] DecryptMessage (in: phContext=0x3326704, pMessage=0x332e618, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332e618, pfQOP=0x0) returned 0x0 [0300.819] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.819] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.820] DecryptMessage (in: phContext=0x3326704, pMessage=0x332e72c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332e72c, pfQOP=0x0) returned 0x0 [0300.821] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.821] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.821] DecryptMessage (in: phContext=0x3326704, pMessage=0x3332cc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3332cc8, pfQOP=0x0) returned 0x0 [0300.822] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.822] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.822] DecryptMessage (in: phContext=0x3326704, pMessage=0x3332ddc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3332ddc, pfQOP=0x0) returned 0x0 [0300.822] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.822] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.822] DecryptMessage (in: phContext=0x3326704, pMessage=0x3332ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3332ef0, pfQOP=0x0) returned 0x0 [0300.822] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.822] recv (in: s=0x74c, buf=0x2fad151, len=1393, flags=0 | out: buf=0x2fad151*) returned 1393 [0300.823] DecryptMessage (in: phContext=0x3326704, pMessage=0x3333004, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3333004, pfQOP=0x0) returned 0x0 [0300.823] recv (in: s=0x74c, buf=0x2fad14c, len=5, flags=0 | out: buf=0x2fad14c*) returned 5 [0300.823] recv (in: s=0x74c, buf=0x2fad151, len=51, flags=0 | out: buf=0x2fad151*) returned 51 [0300.823] DecryptMessage (in: phContext=0x3326704, pMessage=0x3333118, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3333118, pfQOP=0x0) returned 0x0 [0300.823] SetEvent (hEvent=0x4a8) returned 1 [0300.824] QueryContextAttributesW (in: phContext=0x3326704, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.825] DeleteSecurityContext (phContext=0x3326704) returned 0x0 [0300.826] shutdown (s=0x74c, how=2) returned 0 [0300.826] closesocket (s=0x74c) returned 0 [0300.834] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743858682049) returned 1 [0300.834] SetEvent (hEvent=0x4a8) returned 1 [0300.836] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.837] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.838] WSAConnect (in: s=0x74c, name=0x333651c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.848] closesocket (s=0x45c) returned 0 [0300.849] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3336590, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3336a70, pOutput=0x3336a08, pfContextAttr=0x3336920, ptsExpiry=0x73ed80 | out: phNewContext=0x3336a70, pOutput=0x3336a08, pfContextAttr=0x3336920, ptsExpiry=0x73ed80) returned 0x90312 [0300.850] FreeContextBuffer (in: pvContextBuffer=0x5726758 | out: pvContextBuffer=0x5726758) returned 0x0 [0300.850] send (s=0x74c, buf=0x3336a84*, len=366, flags=0) returned 366 [0300.850] recv (in: s=0x74c, buf=0x3336a84, len=5, flags=0 | out: buf=0x3336a84*) returned 5 [0300.860] recv (in: s=0x74c, buf=0x3336a89, len=59, flags=0 | out: buf=0x3336a89*) returned 59 [0300.860] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3336590, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3336c78, Reserved2=0x0, phNewContext=0x3336a70, pOutput=0x3336c8c, pfContextAttr=0x3336920, ptsExpiry=0x73ecdc | out: phNewContext=0x3336a70, pOutput=0x3336c8c, pfContextAttr=0x3336920, ptsExpiry=0x73ecdc) returned 0x90312 [0300.861] recv (in: s=0x74c, buf=0x3336d1c, len=5, flags=0 | out: buf=0x3336d1c*) returned 5 [0300.861] recv (in: s=0x74c, buf=0x3336d35, len=1, flags=0 | out: buf=0x3336d35*) returned 1 [0300.861] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3336590, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3336da8, Reserved2=0x0, phNewContext=0x3336a70, pOutput=0x3336dbc, pfContextAttr=0x3336920, ptsExpiry=0x73ec3c | out: phNewContext=0x3336a70, pOutput=0x3336dbc, pfContextAttr=0x3336920, ptsExpiry=0x73ec3c) returned 0x90312 [0300.862] recv (in: s=0x74c, buf=0x3336e4c, len=5, flags=0 | out: buf=0x3336e4c*) returned 5 [0300.862] recv (in: s=0x74c, buf=0x3336e65, len=40, flags=0 | out: buf=0x3336e65*) returned 40 [0300.862] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3336590, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3336f00, Reserved2=0x0, phNewContext=0x3336a70, pOutput=0x3336f14, pfContextAttr=0x3336920, ptsExpiry=0x73eb9c | out: phNewContext=0x3336a70, pOutput=0x3336f14, pfContextAttr=0x3336920, ptsExpiry=0x73eb9c) returned 0x0 [0300.865] FreeContextBuffer (in: pvContextBuffer=0x571dd28 | out: pvContextBuffer=0x571dd28) returned 0x0 [0300.865] QueryContextAttributesW (in: phContext=0x3336a70, ulAttribute=0x4, pBuffer=0x3336fe4 | out: pBuffer=0x3336fe4) returned 0x0 [0300.865] QueryContextAttributesW (in: phContext=0x3336a70, ulAttribute=0x5a, pBuffer=0x3337020 | out: pBuffer=0x3337020) returned 0x0 [0300.866] QueryContextAttributesW (in: phContext=0x3336a70, ulAttribute=0x53, pBuffer=0x333706c | out: pBuffer=0x333706c) returned 0x0 [0300.866] CertDuplicateCertificateContext (pCertContext=0x571dd58) returned 0x571dd58 [0300.867] CertDuplicateStore (hCertStore=0x9bc3a0) returned 0x9bc3a0 [0300.867] CertEnumCertificatesInStore (hCertStore=0x9bc3a0, pPrevCertContext=0x0) returned 0x571db78 [0300.867] CertDuplicateCertificateContext (pCertContext=0x571db78) returned 0x571db78 [0300.867] CertEnumCertificatesInStore (hCertStore=0x9bc3a0, pPrevCertContext=0x571db78) returned 0x571dd58 [0300.868] CertDuplicateCertificateContext (pCertContext=0x571dd58) returned 0x571dd58 [0300.868] CertEnumCertificatesInStore (hCertStore=0x9bc3a0, pPrevCertContext=0x571dd58) returned 0x0 [0300.868] CertCloseStore (hCertStore=0x9bc3a0, dwFlags=0x0) returned 1 [0300.868] CertFreeCRLContext (pCrlContext=0x571dd58) returned 1 [0300.869] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbba8 [0300.869] CertAddCRLLinkToStore (in: hCertStore=0x9bbba8, pCrlContext=0x571db78, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.869] CertAddCRLLinkToStore (in: hCertStore=0x9bbba8, pCrlContext=0x571dd58, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.870] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x571b460 [0300.870] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dd58, pTime=0x73ebb0, hAdditionalStore=0x9bbba8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.871] LocalFree (hMem=0x571b460) returned 0x0 [0300.871] CertDuplicateCertificateChain (pChainContext=0x9e2710) returned 0x9e2710 [0300.871] CertDuplicateCertificateContext (pCertContext=0x571dd58) returned 0x571dd58 [0300.872] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.872] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.872] CertFreeCertificateChain (pChainContext=0x9e2710) [0300.872] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2710, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.872] SetLastError (dwErrCode=0x0) [0300.873] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2710, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.873] CertFreeCertificateChain (pChainContext=0x9e2710) [0300.873] CertFreeCRLContext (pCrlContext=0x571dd58) returned 1 [0300.874] EncryptMessage (in: phContext=0x3336a70, fQOP=0x0, pMessage=0x333879c, MessageSeqNo=0x0 | out: pMessage=0x333879c) returned 0x0 [0300.874] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0300.874] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x3336f90*), (len=0x4f, buf=0x33386b8*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.875] CoTaskMemFree (pv=0x9f39a8) [0300.875] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.875] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.888] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.889] DecryptMessage (in: phContext=0x3336a70, pMessage=0x3338918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3338918, pfQOP=0x0) returned 0x0 [0300.889] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0300.889] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.890] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.890] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333a3ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333a3ac, pfQOP=0x0) returned 0x0 [0300.890] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.890] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.890] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333b1b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333b1b0, pfQOP=0x0) returned 0x0 [0300.891] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.891] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.891] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333c3f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333c3f8, pfQOP=0x0) returned 0x0 [0300.891] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.891] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.891] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333c50c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333c50c, pfQOP=0x0) returned 0x0 [0300.892] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.892] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.892] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333e870, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333e870, pfQOP=0x0) returned 0x0 [0300.892] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.892] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.893] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333e984, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333e984, pfQOP=0x0) returned 0x0 [0300.893] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.893] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.893] DecryptMessage (in: phContext=0x3336a70, pMessage=0x333ea98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333ea98, pfQOP=0x0) returned 0x0 [0300.895] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.895] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.895] DecryptMessage (in: phContext=0x3336a70, pMessage=0x3343034, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3343034, pfQOP=0x0) returned 0x0 [0300.895] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.895] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.896] DecryptMessage (in: phContext=0x3336a70, pMessage=0x3343148, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3343148, pfQOP=0x0) returned 0x0 [0300.896] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.896] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.896] DecryptMessage (in: phContext=0x3336a70, pMessage=0x334325c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334325c, pfQOP=0x0) returned 0x0 [0300.896] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.896] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0300.896] DecryptMessage (in: phContext=0x3336a70, pMessage=0x3343370, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3343370, pfQOP=0x0) returned 0x0 [0300.897] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0300.897] recv (in: s=0x74c, buf=0x2fb1189, len=51, flags=0 | out: buf=0x2fb1189*) returned 51 [0300.897] DecryptMessage (in: phContext=0x3336a70, pMessage=0x3343484, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3343484, pfQOP=0x0) returned 0x0 [0300.897] SetEvent (hEvent=0x4a8) returned 1 [0300.897] QueryContextAttributesW (in: phContext=0x3336a70, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0300.897] DeleteSecurityContext (phContext=0x3336a70) returned 0x0 [0300.898] shutdown (s=0x74c, how=2) returned 0 [0300.898] closesocket (s=0x74c) returned 0 [0300.904] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743865735899) returned 1 [0300.904] SetEvent (hEvent=0x4a8) returned 1 [0300.906] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0300.907] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0300.908] WSAConnect (in: s=0x74c, name=0x334687c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0300.918] closesocket (s=0x45c) returned 0 [0300.920] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33468fc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3346ddc, pOutput=0x3346d74, pfContextAttr=0x3346c8c, ptsExpiry=0x73ed80 | out: phNewContext=0x3346ddc, pOutput=0x3346d74, pfContextAttr=0x3346c8c, ptsExpiry=0x73ed80) returned 0x90312 [0300.920] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0300.920] send (s=0x74c, buf=0x3346df0*, len=366, flags=0) returned 366 [0300.921] recv (in: s=0x74c, buf=0x3346df0, len=5, flags=0 | out: buf=0x3346df0*) returned 5 [0300.931] recv (in: s=0x74c, buf=0x3346df5, len=59, flags=0 | out: buf=0x3346df5*) returned 59 [0300.931] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33468fc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3346fe4, Reserved2=0x0, phNewContext=0x3346ddc, pOutput=0x3346ff8, pfContextAttr=0x3346c8c, ptsExpiry=0x73ecdc | out: phNewContext=0x3346ddc, pOutput=0x3346ff8, pfContextAttr=0x3346c8c, ptsExpiry=0x73ecdc) returned 0x90312 [0300.932] recv (in: s=0x74c, buf=0x3347088, len=5, flags=0 | out: buf=0x3347088*) returned 5 [0300.932] recv (in: s=0x74c, buf=0x33470a1, len=1, flags=0 | out: buf=0x33470a1*) returned 1 [0300.932] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33468fc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3347114, Reserved2=0x0, phNewContext=0x3346ddc, pOutput=0x3347128, pfContextAttr=0x3346c8c, ptsExpiry=0x73ec3c | out: phNewContext=0x3346ddc, pOutput=0x3347128, pfContextAttr=0x3346c8c, ptsExpiry=0x73ec3c) returned 0x90312 [0300.933] recv (in: s=0x74c, buf=0x33471b8, len=5, flags=0 | out: buf=0x33471b8*) returned 5 [0300.933] recv (in: s=0x74c, buf=0x33471d1, len=40, flags=0 | out: buf=0x33471d1*) returned 40 [0300.933] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33468fc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x334726c, Reserved2=0x0, phNewContext=0x3346ddc, pOutput=0x3347280, pfContextAttr=0x3346c8c, ptsExpiry=0x73eb9c | out: phNewContext=0x3346ddc, pOutput=0x3347280, pfContextAttr=0x3346c8c, ptsExpiry=0x73eb9c) returned 0x0 [0300.973] FreeContextBuffer (in: pvContextBuffer=0x571df58 | out: pvContextBuffer=0x571df58) returned 0x0 [0300.973] QueryContextAttributesW (in: phContext=0x3346ddc, ulAttribute=0x4, pBuffer=0x3347350 | out: pBuffer=0x3347350) returned 0x0 [0300.973] QueryContextAttributesW (in: phContext=0x3346ddc, ulAttribute=0x5a, pBuffer=0x334738c | out: pBuffer=0x334738c) returned 0x0 [0300.973] QueryContextAttributesW (in: phContext=0x3346ddc, ulAttribute=0x53, pBuffer=0x33473d8 | out: pBuffer=0x33473d8) returned 0x0 [0300.973] CertDuplicateCertificateContext (pCertContext=0x571dc18) returned 0x571dc18 [0300.974] CertDuplicateStore (hCertStore=0x9bbe00) returned 0x9bbe00 [0300.974] CertEnumCertificatesInStore (hCertStore=0x9bbe00, pPrevCertContext=0x0) returned 0x571dcb8 [0300.974] CertDuplicateCertificateContext (pCertContext=0x571dcb8) returned 0x571dcb8 [0300.974] CertEnumCertificatesInStore (hCertStore=0x9bbe00, pPrevCertContext=0x571dcb8) returned 0x571dc18 [0300.975] CertDuplicateCertificateContext (pCertContext=0x571dc18) returned 0x571dc18 [0300.975] CertEnumCertificatesInStore (hCertStore=0x9bbe00, pPrevCertContext=0x571dc18) returned 0x0 [0300.975] CertCloseStore (hCertStore=0x9bbe00, dwFlags=0x0) returned 1 [0300.975] CertFreeCRLContext (pCrlContext=0x571dc18) returned 1 [0300.976] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbe78 [0300.976] CertAddCRLLinkToStore (in: hCertStore=0x9bbe78, pCrlContext=0x571dcb8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.976] CertAddCRLLinkToStore (in: hCertStore=0x9bbe78, pCrlContext=0x571dc18, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0300.977] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e0a0 [0300.977] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571dc18, pTime=0x73ebb0, hAdditionalStore=0x9bbe78, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0300.977] LocalFree (hMem=0x99e0a0) returned 0x0 [0300.978] CertDuplicateCertificateChain (pChainContext=0x9e2a38) returned 0x9e2a38 [0300.978] CertDuplicateCertificateContext (pCertContext=0x571dc18) returned 0x571dc18 [0300.979] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0300.979] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0300.979] CertFreeCertificateChain (pChainContext=0x9e2a38) [0300.979] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2a38, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0300.979] SetLastError (dwErrCode=0x0) [0300.979] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2a38, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0300.980] CertFreeCertificateChain (pChainContext=0x9e2a38) [0300.980] CertFreeCRLContext (pCrlContext=0x571dc18) returned 1 [0300.981] EncryptMessage (in: phContext=0x3346ddc, fQOP=0x0, pMessage=0x3348b08, MessageSeqNo=0x0 | out: pMessage=0x3348b08) returned 0x0 [0300.981] CoTaskMemAlloc (cb=0x10) returned 0x9f3a98 [0300.981] WSASend (in: s=0x74c, lpBuffers=0x9f3a98*=((len=0x33, buf=0x33472fc*), (len=0x4f, buf=0x3348a24*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0300.981] CoTaskMemFree (pv=0x9f3a98) [0300.981] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0300.981] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.008] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.009] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x3348c84, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3348c84, pfQOP=0x0) returned 0x0 [0301.009] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.009] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.010] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.010] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334a70c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334a70c, pfQOP=0x0) returned 0x0 [0301.011] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.011] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.012] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334b51c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334b51c, pfQOP=0x0) returned 0x0 [0301.012] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.012] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.013] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334c758, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334c758, pfQOP=0x0) returned 0x0 [0301.013] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.013] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.013] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334c86c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334c86c, pfQOP=0x0) returned 0x0 [0301.014] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.015] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.016] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334ebdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334ebdc, pfQOP=0x0) returned 0x0 [0301.016] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.016] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.016] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334ecf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334ecf0, pfQOP=0x0) returned 0x0 [0301.016] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.016] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.016] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x334ee04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334ee04, pfQOP=0x0) returned 0x0 [0301.018] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.018] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.018] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x33533a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33533a0, pfQOP=0x0) returned 0x0 [0301.023] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.023] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.023] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x33534b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33534b4, pfQOP=0x0) returned 0x0 [0301.023] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.024] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.024] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x33535c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33535c8, pfQOP=0x0) returned 0x0 [0301.024] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.024] recv (in: s=0x74c, buf=0x2fb51c1, len=1393, flags=0 | out: buf=0x2fb51c1*) returned 1393 [0301.024] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x33536dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33536dc, pfQOP=0x0) returned 0x0 [0301.024] recv (in: s=0x74c, buf=0x2fb51bc, len=5, flags=0 | out: buf=0x2fb51bc*) returned 5 [0301.024] recv (in: s=0x74c, buf=0x2fb51c1, len=51, flags=0 | out: buf=0x2fb51c1*) returned 51 [0301.025] DecryptMessage (in: phContext=0x3346ddc, pMessage=0x33537f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33537f0, pfQOP=0x0) returned 0x0 [0301.025] SetEvent (hEvent=0x4a8) returned 1 [0301.025] QueryContextAttributesW (in: phContext=0x3346ddc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.025] DeleteSecurityContext (phContext=0x3346ddc) returned 0x0 [0301.026] shutdown (s=0x74c, how=2) returned 0 [0301.026] closesocket (s=0x74c) returned 0 [0301.032] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743878508765) returned 1 [0301.032] SetEvent (hEvent=0x4a8) returned 1 [0301.036] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.037] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.037] WSAConnect (in: s=0x74c, name=0x3356bcc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.047] closesocket (s=0x45c) returned 0 [0301.048] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3356c40, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x335712c, pOutput=0x33570c4, pfContextAttr=0x3356fdc, ptsExpiry=0x73ed80 | out: phNewContext=0x335712c, pOutput=0x33570c4, pfContextAttr=0x3356fdc, ptsExpiry=0x73ed80) returned 0x90312 [0301.048] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0301.048] send (s=0x74c, buf=0x3357140*, len=366, flags=0) returned 366 [0301.049] recv (in: s=0x74c, buf=0x3357140, len=5, flags=0 | out: buf=0x3357140*) returned 5 [0301.059] recv (in: s=0x74c, buf=0x3357145, len=59, flags=0 | out: buf=0x3357145*) returned 59 [0301.059] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3356c40, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3357334, Reserved2=0x0, phNewContext=0x335712c, pOutput=0x3357348, pfContextAttr=0x3356fdc, ptsExpiry=0x73ecdc | out: phNewContext=0x335712c, pOutput=0x3357348, pfContextAttr=0x3356fdc, ptsExpiry=0x73ecdc) returned 0x90312 [0301.060] recv (in: s=0x74c, buf=0x33573d8, len=5, flags=0 | out: buf=0x33573d8*) returned 5 [0301.060] recv (in: s=0x74c, buf=0x33573f1, len=1, flags=0 | out: buf=0x33573f1*) returned 1 [0301.060] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3356c40, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3357464, Reserved2=0x0, phNewContext=0x335712c, pOutput=0x3357478, pfContextAttr=0x3356fdc, ptsExpiry=0x73ec3c | out: phNewContext=0x335712c, pOutput=0x3357478, pfContextAttr=0x3356fdc, ptsExpiry=0x73ec3c) returned 0x90312 [0301.061] recv (in: s=0x74c, buf=0x3357508, len=5, flags=0 | out: buf=0x3357508*) returned 5 [0301.061] recv (in: s=0x74c, buf=0x3357521, len=40, flags=0 | out: buf=0x3357521*) returned 40 [0301.061] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3356c40, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33575bc, Reserved2=0x0, phNewContext=0x335712c, pOutput=0x33575d0, pfContextAttr=0x3356fdc, ptsExpiry=0x73eb9c | out: phNewContext=0x335712c, pOutput=0x33575d0, pfContextAttr=0x3356fdc, ptsExpiry=0x73eb9c) returned 0x0 [0301.062] FreeContextBuffer (in: pvContextBuffer=0x571e0e8 | out: pvContextBuffer=0x571e0e8) returned 0x0 [0301.062] QueryContextAttributesW (in: phContext=0x335712c, ulAttribute=0x4, pBuffer=0x33576a0 | out: pBuffer=0x33576a0) returned 0x0 [0301.062] QueryContextAttributesW (in: phContext=0x335712c, ulAttribute=0x5a, pBuffer=0x33576dc | out: pBuffer=0x33576dc) returned 0x0 [0301.062] QueryContextAttributesW (in: phContext=0x335712c, ulAttribute=0x53, pBuffer=0x3357728 | out: pBuffer=0x3357728) returned 0x0 [0301.063] CertDuplicateCertificateContext (pCertContext=0x571e028) returned 0x571e028 [0301.064] CertDuplicateStore (hCertStore=0x9bb7e8) returned 0x9bb7e8 [0301.064] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x0) returned 0x571e118 [0301.064] CertDuplicateCertificateContext (pCertContext=0x571e118) returned 0x571e118 [0301.064] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x571e118) returned 0x571e028 [0301.065] CertDuplicateCertificateContext (pCertContext=0x571e028) returned 0x571e028 [0301.065] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x571e028) returned 0x0 [0301.065] CertCloseStore (hCertStore=0x9bb7e8, dwFlags=0x0) returned 1 [0301.065] CertFreeCRLContext (pCrlContext=0x571e028) returned 1 [0301.068] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb860 [0301.069] CertAddCRLLinkToStore (in: hCertStore=0x9bb860, pCrlContext=0x571e118, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.069] CertAddCRLLinkToStore (in: hCertStore=0x9bb860, pCrlContext=0x571e028, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.069] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4ea8 [0301.070] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e028, pTime=0x73ebb0, hAdditionalStore=0x9bb860, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.070] LocalFree (hMem=0x9d4ea8) returned 0x0 [0301.070] CertDuplicateCertificateChain (pChainContext=0x9e1d98) returned 0x9e1d98 [0301.071] CertDuplicateCertificateContext (pCertContext=0x571e028) returned 0x571e028 [0301.071] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.072] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.072] CertFreeCertificateChain (pChainContext=0x9e1d98) [0301.072] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1d98, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.072] SetLastError (dwErrCode=0x0) [0301.072] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1d98, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.072] CertFreeCertificateChain (pChainContext=0x9e1d98) [0301.072] CertFreeCRLContext (pCrlContext=0x571e028) returned 1 [0301.073] EncryptMessage (in: phContext=0x335712c, fQOP=0x0, pMessage=0x3358e4c, MessageSeqNo=0x0 | out: pMessage=0x3358e4c) returned 0x0 [0301.073] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0301.073] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x335764c*), (len=0x4f, buf=0x3358d68*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.074] CoTaskMemFree (pv=0x9f39a8) [0301.074] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.074] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.091] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.092] DecryptMessage (in: phContext=0x335712c, pMessage=0x3358fd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3358fd4, pfQOP=0x0) returned 0x0 [0301.092] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.092] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.093] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.093] DecryptMessage (in: phContext=0x335712c, pMessage=0x335aa5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335aa5c, pfQOP=0x0) returned 0x0 [0301.093] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.093] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.094] DecryptMessage (in: phContext=0x335712c, pMessage=0x335b86c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335b86c, pfQOP=0x0) returned 0x0 [0301.094] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.094] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.094] DecryptMessage (in: phContext=0x335712c, pMessage=0x335caa8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335caa8, pfQOP=0x0) returned 0x0 [0301.094] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.094] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.095] DecryptMessage (in: phContext=0x335712c, pMessage=0x335cbbc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335cbbc, pfQOP=0x0) returned 0x0 [0301.095] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.095] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.096] DecryptMessage (in: phContext=0x335712c, pMessage=0x335ef20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335ef20, pfQOP=0x0) returned 0x0 [0301.096] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.096] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.096] DecryptMessage (in: phContext=0x335712c, pMessage=0x335f034, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335f034, pfQOP=0x0) returned 0x0 [0301.096] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.096] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.096] DecryptMessage (in: phContext=0x335712c, pMessage=0x335f148, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335f148, pfQOP=0x0) returned 0x0 [0301.099] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.099] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.100] DecryptMessage (in: phContext=0x335712c, pMessage=0x33636f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33636f0, pfQOP=0x0) returned 0x0 [0301.100] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.100] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.100] DecryptMessage (in: phContext=0x335712c, pMessage=0x3363804, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363804, pfQOP=0x0) returned 0x0 [0301.100] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.100] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.101] DecryptMessage (in: phContext=0x335712c, pMessage=0x3363918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363918, pfQOP=0x0) returned 0x0 [0301.101] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.101] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0301.101] DecryptMessage (in: phContext=0x335712c, pMessage=0x3363a2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363a2c, pfQOP=0x0) returned 0x0 [0301.101] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0301.102] recv (in: s=0x74c, buf=0x2fb91f9, len=29, flags=0 | out: buf=0x2fb91f9*) returned 29 [0301.102] DecryptMessage (in: phContext=0x335712c, pMessage=0x3363b40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363b40, pfQOP=0x0) returned 0x0 [0301.102] SetEvent (hEvent=0x4a8) returned 1 [0301.102] QueryContextAttributesW (in: phContext=0x335712c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.102] DeleteSecurityContext (phContext=0x335712c) returned 0x0 [0301.103] shutdown (s=0x74c, how=2) returned 0 [0301.104] closesocket (s=0x74c) returned 0 [0301.112] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743886532511) returned 1 [0301.114] SetEvent (hEvent=0x4a8) returned 1 [0301.140] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.142] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.143] WSAConnect (in: s=0x74c, name=0x33a78bc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.154] closesocket (s=0x45c) returned 0 [0301.155] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33a7908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33a7de8, pOutput=0x33a7d80, pfContextAttr=0x33a7c98, ptsExpiry=0x73ed80 | out: phNewContext=0x33a7de8, pOutput=0x33a7d80, pfContextAttr=0x33a7c98, ptsExpiry=0x73ed80) returned 0x90312 [0301.156] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0301.156] send (s=0x74c, buf=0x33a7dfc*, len=366, flags=0) returned 366 [0301.156] recv (in: s=0x74c, buf=0x33a7dfc, len=5, flags=0 | out: buf=0x33a7dfc*) returned 5 [0301.166] recv (in: s=0x74c, buf=0x33a7e01, len=59, flags=0 | out: buf=0x33a7e01*) returned 59 [0301.167] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33a7908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33a7ff0, Reserved2=0x0, phNewContext=0x33a7de8, pOutput=0x33a8004, pfContextAttr=0x33a7c98, ptsExpiry=0x73ecdc | out: phNewContext=0x33a7de8, pOutput=0x33a8004, pfContextAttr=0x33a7c98, ptsExpiry=0x73ecdc) returned 0x90312 [0301.167] recv (in: s=0x74c, buf=0x33a8094, len=5, flags=0 | out: buf=0x33a8094*) returned 5 [0301.167] recv (in: s=0x74c, buf=0x33a80ad, len=1, flags=0 | out: buf=0x33a80ad*) returned 1 [0301.168] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33a7908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33a8120, Reserved2=0x0, phNewContext=0x33a7de8, pOutput=0x33a8134, pfContextAttr=0x33a7c98, ptsExpiry=0x73ec3c | out: phNewContext=0x33a7de8, pOutput=0x33a8134, pfContextAttr=0x33a7c98, ptsExpiry=0x73ec3c) returned 0x90312 [0301.168] recv (in: s=0x74c, buf=0x33a81c4, len=5, flags=0 | out: buf=0x33a81c4*) returned 5 [0301.168] recv (in: s=0x74c, buf=0x33a81dd, len=40, flags=0 | out: buf=0x33a81dd*) returned 40 [0301.169] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33a7908, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33a8278, Reserved2=0x0, phNewContext=0x33a7de8, pOutput=0x33a828c, pfContextAttr=0x33a7c98, ptsExpiry=0x73eb9c | out: phNewContext=0x33a7de8, pOutput=0x33a828c, pfContextAttr=0x33a7c98, ptsExpiry=0x73eb9c) returned 0x0 [0301.170] FreeContextBuffer (in: pvContextBuffer=0x571e818 | out: pvContextBuffer=0x571e818) returned 0x0 [0301.170] QueryContextAttributesW (in: phContext=0x33a7de8, ulAttribute=0x4, pBuffer=0x33a835c | out: pBuffer=0x33a835c) returned 0x0 [0301.170] QueryContextAttributesW (in: phContext=0x33a7de8, ulAttribute=0x5a, pBuffer=0x33a8398 | out: pBuffer=0x33a8398) returned 0x0 [0301.170] QueryContextAttributesW (in: phContext=0x33a7de8, ulAttribute=0x53, pBuffer=0x33a83e4 | out: pBuffer=0x33a83e4) returned 0x0 [0301.171] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0301.172] CertDuplicateStore (hCertStore=0x9bbd10) returned 0x9bbd10 [0301.172] CertEnumCertificatesInStore (hCertStore=0x9bbd10, pPrevCertContext=0x0) returned 0x571e4d8 [0301.172] CertDuplicateCertificateContext (pCertContext=0x571e4d8) returned 0x571e4d8 [0301.172] CertEnumCertificatesInStore (hCertStore=0x9bbd10, pPrevCertContext=0x571e4d8) returned 0x571e758 [0301.173] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0301.173] CertEnumCertificatesInStore (hCertStore=0x9bbd10, pPrevCertContext=0x571e758) returned 0x0 [0301.174] CertCloseStore (hCertStore=0x9bbd10, dwFlags=0x0) returned 1 [0301.174] CertFreeCRLContext (pCrlContext=0x571e758) returned 1 [0301.177] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc0d0 [0301.177] CertAddCRLLinkToStore (in: hCertStore=0x9bc0d0, pCrlContext=0x571e4d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.177] CertAddCRLLinkToStore (in: hCertStore=0x9bc0d0, pCrlContext=0x571e758, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.178] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4da8 [0301.178] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e758, pTime=0x73ebb0, hAdditionalStore=0x9bc0d0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.178] LocalFree (hMem=0x9d4da8) returned 0x0 [0301.178] CertDuplicateCertificateChain (pChainContext=0x9e20c0) returned 0x9e20c0 [0301.179] CertDuplicateCertificateContext (pCertContext=0x571e758) returned 0x571e758 [0301.179] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.180] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.180] CertFreeCertificateChain (pChainContext=0x9e20c0) [0301.180] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e20c0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.180] SetLastError (dwErrCode=0x0) [0301.180] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e20c0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.181] CertFreeCertificateChain (pChainContext=0x9e20c0) [0301.181] CertFreeCRLContext (pCrlContext=0x571e758) returned 1 [0301.182] EncryptMessage (in: phContext=0x33a7de8, fQOP=0x0, pMessage=0x33a9b14, MessageSeqNo=0x0 | out: pMessage=0x33a9b14) returned 0x0 [0301.182] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0301.182] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x33a8308*), (len=0x4f, buf=0x33a9a30*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.182] CoTaskMemFree (pv=0x9f3948) [0301.182] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.183] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.199] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.199] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33a9c90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33a9c90, pfQOP=0x0) returned 0x0 [0301.199] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.199] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.199] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.200] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33ab724, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ab724, pfQOP=0x0) returned 0x0 [0301.200] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.200] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.201] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33ac528, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ac528, pfQOP=0x0) returned 0x0 [0301.201] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.201] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.201] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33ad770, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ad770, pfQOP=0x0) returned 0x0 [0301.202] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.202] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.202] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33ad884, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ad884, pfQOP=0x0) returned 0x0 [0301.203] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.203] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.203] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33afbe8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33afbe8, pfQOP=0x0) returned 0x0 [0301.203] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.203] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.203] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33afcfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33afcfc, pfQOP=0x0) returned 0x0 [0301.204] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.204] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.204] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33afe10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33afe10, pfQOP=0x0) returned 0x0 [0301.205] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.205] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.206] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33b43ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b43ac, pfQOP=0x0) returned 0x0 [0301.206] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.207] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.207] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33b44c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b44c0, pfQOP=0x0) returned 0x0 [0301.207] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.208] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.208] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33b45d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b45d4, pfQOP=0x0) returned 0x0 [0301.208] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.209] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0301.209] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33b46e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b46e8, pfQOP=0x0) returned 0x0 [0301.210] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0301.210] recv (in: s=0x74c, buf=0x2fbd231, len=29, flags=0 | out: buf=0x2fbd231*) returned 29 [0301.210] DecryptMessage (in: phContext=0x33a7de8, pMessage=0x33b47fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b47fc, pfQOP=0x0) returned 0x0 [0301.210] SetEvent (hEvent=0x4a8) returned 1 [0301.210] QueryContextAttributesW (in: phContext=0x33a7de8, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.211] DeleteSecurityContext (phContext=0x33a7de8) returned 0x0 [0301.211] shutdown (s=0x74c, how=2) returned 0 [0301.212] closesocket (s=0x74c) returned 0 [0301.217] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743896983111) returned 1 [0301.217] SetEvent (hEvent=0x4a8) returned 1 [0301.218] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.219] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.220] WSAConnect (in: s=0x74c, name=0x33b7bc0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.526] closesocket (s=0x45c) returned 0 [0301.527] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33b7c34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33b8120, pOutput=0x33b80b8, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ed80 | out: phNewContext=0x33b8120, pOutput=0x33b80b8, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ed80) returned 0x90312 [0301.528] FreeContextBuffer (in: pvContextBuffer=0x57265d0 | out: pvContextBuffer=0x57265d0) returned 0x0 [0301.528] send (s=0x74c, buf=0x33b8134*, len=366, flags=0) returned 366 [0301.528] recv (in: s=0x74c, buf=0x33b8134, len=5, flags=0 | out: buf=0x33b8134*) returned 5 [0301.537] recv (in: s=0x74c, buf=0x33b8139, len=59, flags=0 | out: buf=0x33b8139*) returned 59 [0301.538] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33b7c34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33b8328, Reserved2=0x0, phNewContext=0x33b8120, pOutput=0x33b833c, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ecdc | out: phNewContext=0x33b8120, pOutput=0x33b833c, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ecdc) returned 0x90312 [0301.538] recv (in: s=0x74c, buf=0x33b83cc, len=5, flags=0 | out: buf=0x33b83cc*) returned 5 [0301.538] recv (in: s=0x74c, buf=0x33b83e5, len=1, flags=0 | out: buf=0x33b83e5*) returned 1 [0301.539] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33b7c34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33b8458, Reserved2=0x0, phNewContext=0x33b8120, pOutput=0x33b846c, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ec3c | out: phNewContext=0x33b8120, pOutput=0x33b846c, pfContextAttr=0x33b7fd0, ptsExpiry=0x73ec3c) returned 0x90312 [0301.539] recv (in: s=0x74c, buf=0x33b84fc, len=5, flags=0 | out: buf=0x33b84fc*) returned 5 [0301.539] recv (in: s=0x74c, buf=0x33b8515, len=40, flags=0 | out: buf=0x33b8515*) returned 40 [0301.540] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33b7c34, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33b85b0, Reserved2=0x0, phNewContext=0x33b8120, pOutput=0x33b85c4, pfContextAttr=0x33b7fd0, ptsExpiry=0x73eb9c | out: phNewContext=0x33b8120, pOutput=0x33b85c4, pfContextAttr=0x33b7fd0, ptsExpiry=0x73eb9c) returned 0x0 [0301.541] FreeContextBuffer (in: pvContextBuffer=0x571e408 | out: pvContextBuffer=0x571e408) returned 0x0 [0301.541] QueryContextAttributesW (in: phContext=0x33b8120, ulAttribute=0x4, pBuffer=0x33b8694 | out: pBuffer=0x33b8694) returned 0x0 [0301.541] QueryContextAttributesW (in: phContext=0x33b8120, ulAttribute=0x5a, pBuffer=0x33b86d0 | out: pBuffer=0x33b86d0) returned 0x0 [0301.542] QueryContextAttributesW (in: phContext=0x33b8120, ulAttribute=0x53, pBuffer=0x33b871c | out: pBuffer=0x33b871c) returned 0x0 [0301.542] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0301.543] CertDuplicateStore (hCertStore=0x9bb8d8) returned 0x9bb8d8 [0301.543] CertEnumCertificatesInStore (hCertStore=0x9bb8d8, pPrevCertContext=0x0) returned 0x571e528 [0301.543] CertDuplicateCertificateContext (pCertContext=0x571e528) returned 0x571e528 [0301.543] CertEnumCertificatesInStore (hCertStore=0x9bb8d8, pPrevCertContext=0x571e528) returned 0x571e438 [0301.544] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0301.544] CertEnumCertificatesInStore (hCertStore=0x9bb8d8, pPrevCertContext=0x571e438) returned 0x0 [0301.544] CertCloseStore (hCertStore=0x9bb8d8, dwFlags=0x0) returned 1 [0301.544] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0301.545] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb950 [0301.546] CertAddCRLLinkToStore (in: hCertStore=0x9bb950, pCrlContext=0x571e528, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.546] CertAddCRLLinkToStore (in: hCertStore=0x9bb950, pCrlContext=0x571e438, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.547] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4ee8 [0301.547] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e438, pTime=0x73ebb0, hAdditionalStore=0x9bb950, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.547] LocalFree (hMem=0x9d4ee8) returned 0x0 [0301.548] CertDuplicateCertificateChain (pChainContext=0x9e1a70) returned 0x9e1a70 [0301.548] CertDuplicateCertificateContext (pCertContext=0x571e438) returned 0x571e438 [0301.549] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.549] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.549] CertFreeCertificateChain (pChainContext=0x9e1a70) [0301.549] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1a70, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.550] SetLastError (dwErrCode=0x0) [0301.552] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1a70, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.552] CertFreeCertificateChain (pChainContext=0x9e1a70) [0301.553] CertFreeCRLContext (pCrlContext=0x571e438) returned 1 [0301.554] EncryptMessage (in: phContext=0x33b8120, fQOP=0x0, pMessage=0x33b9e4c, MessageSeqNo=0x0 | out: pMessage=0x33b9e4c) returned 0x0 [0301.554] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0301.554] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x33b8640*), (len=0x4f, buf=0x33b9d68*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.555] CoTaskMemFree (pv=0x9f3948) [0301.555] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.555] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.572] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.572] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33b9fc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33b9fc8, pfQOP=0x0) returned 0x0 [0301.572] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.573] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.573] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.573] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33bba50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33bba50, pfQOP=0x0) returned 0x0 [0301.574] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.574] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.574] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33bc860, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33bc860, pfQOP=0x0) returned 0x0 [0301.574] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.574] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.574] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33bda9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33bda9c, pfQOP=0x0) returned 0x0 [0301.575] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.575] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.575] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33bdbb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33bdbb0, pfQOP=0x0) returned 0x0 [0301.575] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.576] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.576] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33bff14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33bff14, pfQOP=0x0) returned 0x0 [0301.576] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.576] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.577] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c0034, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c0034, pfQOP=0x0) returned 0x0 [0301.577] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.577] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.577] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c0148, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c0148, pfQOP=0x0) returned 0x0 [0301.579] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.579] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.579] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c46e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c46e4, pfQOP=0x0) returned 0x0 [0301.579] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.580] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.580] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c47f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c47f8, pfQOP=0x0) returned 0x0 [0301.580] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.580] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.580] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c490c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c490c, pfQOP=0x0) returned 0x0 [0301.580] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.581] recv (in: s=0x74c, buf=0x31617d5, len=1393, flags=0 | out: buf=0x31617d5*) returned 1393 [0301.581] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c4a20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c4a20, pfQOP=0x0) returned 0x0 [0301.581] recv (in: s=0x74c, buf=0x31617d0, len=5, flags=0 | out: buf=0x31617d0*) returned 5 [0301.582] recv (in: s=0x74c, buf=0x31617d5, len=51, flags=0 | out: buf=0x31617d5*) returned 51 [0301.582] DecryptMessage (in: phContext=0x33b8120, pMessage=0x33c4b34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33c4b34, pfQOP=0x0) returned 0x0 [0301.582] SetEvent (hEvent=0x4a8) returned 1 [0301.583] QueryContextAttributesW (in: phContext=0x33b8120, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.583] DeleteSecurityContext (phContext=0x33b8120) returned 0x0 [0301.584] shutdown (s=0x74c, how=2) returned 0 [0301.584] closesocket (s=0x74c) returned 0 [0301.590] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743934354915) returned 1 [0301.591] SetEvent (hEvent=0x4a8) returned 1 [0301.593] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.593] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.594] WSAConnect (in: s=0x74c, name=0x33c7f0c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.604] closesocket (s=0x45c) returned 0 [0301.605] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33c7f6c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33c844c, pOutput=0x33c83e4, pfContextAttr=0x33c82fc, ptsExpiry=0x73ed80 | out: phNewContext=0x33c844c, pOutput=0x33c83e4, pfContextAttr=0x33c82fc, ptsExpiry=0x73ed80) returned 0x90312 [0301.606] FreeContextBuffer (in: pvContextBuffer=0x5726a68 | out: pvContextBuffer=0x5726a68) returned 0x0 [0301.606] send (s=0x74c, buf=0x33c846c*, len=366, flags=0) returned 366 [0301.607] recv (in: s=0x74c, buf=0x33c846c, len=5, flags=0 | out: buf=0x33c846c*) returned 5 [0301.618] recv (in: s=0x74c, buf=0x33c8471, len=59, flags=0 | out: buf=0x33c8471*) returned 59 [0301.618] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33c7f6c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33c8660, Reserved2=0x0, phNewContext=0x33c844c, pOutput=0x33c8674, pfContextAttr=0x33c82fc, ptsExpiry=0x73ecdc | out: phNewContext=0x33c844c, pOutput=0x33c8674, pfContextAttr=0x33c82fc, ptsExpiry=0x73ecdc) returned 0x90312 [0301.619] recv (in: s=0x74c, buf=0x33c8704, len=5, flags=0 | out: buf=0x33c8704*) returned 5 [0301.619] recv (in: s=0x74c, buf=0x33c871d, len=1, flags=0 | out: buf=0x33c871d*) returned 1 [0301.619] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33c7f6c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33c8790, Reserved2=0x0, phNewContext=0x33c844c, pOutput=0x33c87a4, pfContextAttr=0x33c82fc, ptsExpiry=0x73ec3c | out: phNewContext=0x33c844c, pOutput=0x33c87a4, pfContextAttr=0x33c82fc, ptsExpiry=0x73ec3c) returned 0x90312 [0301.620] recv (in: s=0x74c, buf=0x33c8834, len=5, flags=0 | out: buf=0x33c8834*) returned 5 [0301.620] recv (in: s=0x74c, buf=0x33c884d, len=40, flags=0 | out: buf=0x33c884d*) returned 40 [0301.620] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33c7f6c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33c88e8, Reserved2=0x0, phNewContext=0x33c844c, pOutput=0x33c88fc, pfContextAttr=0x33c82fc, ptsExpiry=0x73eb9c | out: phNewContext=0x33c844c, pOutput=0x33c88fc, pfContextAttr=0x33c82fc, ptsExpiry=0x73eb9c) returned 0x0 [0301.622] FreeContextBuffer (in: pvContextBuffer=0x967d00 | out: pvContextBuffer=0x967d00) returned 0x0 [0301.622] QueryContextAttributesW (in: phContext=0x33c844c, ulAttribute=0x4, pBuffer=0x33c89cc | out: pBuffer=0x33c89cc) returned 0x0 [0301.622] QueryContextAttributesW (in: phContext=0x33c844c, ulAttribute=0x5a, pBuffer=0x33c8a08 | out: pBuffer=0x33c8a08) returned 0x0 [0301.622] QueryContextAttributesW (in: phContext=0x33c844c, ulAttribute=0x53, pBuffer=0x33c8a54 | out: pBuffer=0x33c8a54) returned 0x0 [0301.623] CertDuplicateCertificateContext (pCertContext=0x967ba0) returned 0x967ba0 [0301.623] CertDuplicateStore (hCertStore=0x9bc418) returned 0x9bc418 [0301.623] CertEnumCertificatesInStore (hCertStore=0x9bc418, pPrevCertContext=0x0) returned 0x967e20 [0301.624] CertDuplicateCertificateContext (pCertContext=0x967e20) returned 0x967e20 [0301.624] CertEnumCertificatesInStore (hCertStore=0x9bc418, pPrevCertContext=0x967e20) returned 0x967ba0 [0301.624] CertDuplicateCertificateContext (pCertContext=0x967ba0) returned 0x967ba0 [0301.625] CertEnumCertificatesInStore (hCertStore=0x9bc418, pPrevCertContext=0x967ba0) returned 0x0 [0301.625] CertCloseStore (hCertStore=0x9bc418, dwFlags=0x0) returned 1 [0301.625] CertFreeCRLContext (pCrlContext=0x967ba0) returned 1 [0301.626] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbc20 [0301.626] CertAddCRLLinkToStore (in: hCertStore=0x9bbc20, pCrlContext=0x967e20, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.626] CertAddCRLLinkToStore (in: hCertStore=0x9bbc20, pCrlContext=0x967ba0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.627] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4d88 [0301.627] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x967ba0, pTime=0x73ebb0, hAdditionalStore=0x9bbc20, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.628] LocalFree (hMem=0x9d4d88) returned 0x0 [0301.629] CertDuplicateCertificateChain (pChainContext=0x9e1a70) returned 0x9e1a70 [0301.629] CertDuplicateCertificateContext (pCertContext=0x967ba0) returned 0x967ba0 [0301.630] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.630] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.631] CertFreeCertificateChain (pChainContext=0x9e1a70) [0301.631] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1a70, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.631] SetLastError (dwErrCode=0x0) [0301.631] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1a70, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.631] CertFreeCertificateChain (pChainContext=0x9e1a70) [0301.631] CertFreeCRLContext (pCrlContext=0x967ba0) returned 1 [0301.632] EncryptMessage (in: phContext=0x33c844c, fQOP=0x0, pMessage=0x33ca178, MessageSeqNo=0x0 | out: pMessage=0x33ca178) returned 0x0 [0301.632] CoTaskMemAlloc (cb=0x10) returned 0x9f39d8 [0301.632] WSASend (in: s=0x74c, lpBuffers=0x9f39d8*=((len=0x33, buf=0x33c8978*), (len=0x4f, buf=0x33ca094*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.634] CoTaskMemFree (pv=0x9f39d8) [0301.634] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.634] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.654] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.654] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33ca2f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ca2f4, pfQOP=0x0) returned 0x0 [0301.655] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.655] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.655] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.655] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33cbd88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33cbd88, pfQOP=0x0) returned 0x0 [0301.656] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.656] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.656] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33ccb98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ccb98, pfQOP=0x0) returned 0x0 [0301.657] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.657] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.657] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33cddd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33cddd4, pfQOP=0x0) returned 0x0 [0301.657] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.657] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.657] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33cdee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33cdee8, pfQOP=0x0) returned 0x0 [0301.658] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.658] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.658] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d024c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d024c, pfQOP=0x0) returned 0x0 [0301.658] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.659] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.659] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d0360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d0360, pfQOP=0x0) returned 0x0 [0301.659] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.660] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.660] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d0474, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d0474, pfQOP=0x0) returned 0x0 [0301.662] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.662] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.662] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d4a10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d4a10, pfQOP=0x0) returned 0x0 [0301.662] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.662] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.663] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d4b30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d4b30, pfQOP=0x0) returned 0x0 [0301.663] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.663] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.663] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d4c44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d4c44, pfQOP=0x0) returned 0x0 [0301.664] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.664] recv (in: s=0x74c, buf=0x315d791, len=1393, flags=0 | out: buf=0x315d791*) returned 1393 [0301.664] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d4d58, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d4d58, pfQOP=0x0) returned 0x0 [0301.664] recv (in: s=0x74c, buf=0x315d78c, len=5, flags=0 | out: buf=0x315d78c*) returned 5 [0301.664] recv (in: s=0x74c, buf=0x315d791, len=29, flags=0 | out: buf=0x315d791*) returned 29 [0301.664] DecryptMessage (in: phContext=0x33c844c, pMessage=0x33d4e6c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33d4e6c, pfQOP=0x0) returned 0x0 [0301.665] SetEvent (hEvent=0x4a8) returned 1 [0301.665] QueryContextAttributesW (in: phContext=0x33c844c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.665] DeleteSecurityContext (phContext=0x33c844c) returned 0x0 [0301.666] shutdown (s=0x74c, how=2) returned 0 [0301.667] closesocket (s=0x74c) returned 0 [0301.673] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743942832399) returned 1 [0301.783] SetEvent (hEvent=0x4a8) returned 1 [0301.785] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.786] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.786] WSAConnect (in: s=0x74c, name=0x33d8244*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.800] closesocket (s=0x45c) returned 0 [0301.801] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33d82a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33d8784, pOutput=0x33d871c, pfContextAttr=0x33d8634, ptsExpiry=0x73ed80 | out: phNewContext=0x33d8784, pOutput=0x33d871c, pfContextAttr=0x33d8634, ptsExpiry=0x73ed80) returned 0x90312 [0301.802] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0301.802] send (s=0x74c, buf=0x33d8798*, len=366, flags=0) returned 366 [0301.803] recv (in: s=0x74c, buf=0x33d8798, len=5, flags=0 | out: buf=0x33d8798*) returned 5 [0301.811] recv (in: s=0x74c, buf=0x33d879d, len=59, flags=0 | out: buf=0x33d879d*) returned 59 [0301.811] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33d82a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33d898c, Reserved2=0x0, phNewContext=0x33d8784, pOutput=0x33d89a0, pfContextAttr=0x33d8634, ptsExpiry=0x73ecdc | out: phNewContext=0x33d8784, pOutput=0x33d89a0, pfContextAttr=0x33d8634, ptsExpiry=0x73ecdc) returned 0x90312 [0301.812] recv (in: s=0x74c, buf=0x33d8a30, len=5, flags=0 | out: buf=0x33d8a30*) returned 5 [0301.812] recv (in: s=0x74c, buf=0x33d8a49, len=1, flags=0 | out: buf=0x33d8a49*) returned 1 [0301.813] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33d82a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33d8abc, Reserved2=0x0, phNewContext=0x33d8784, pOutput=0x33d8ad0, pfContextAttr=0x33d8634, ptsExpiry=0x73ec3c | out: phNewContext=0x33d8784, pOutput=0x33d8ad0, pfContextAttr=0x33d8634, ptsExpiry=0x73ec3c) returned 0x90312 [0301.813] recv (in: s=0x74c, buf=0x33d8b6c, len=5, flags=0 | out: buf=0x33d8b6c*) returned 5 [0301.813] recv (in: s=0x74c, buf=0x33d8b85, len=40, flags=0 | out: buf=0x33d8b85*) returned 40 [0301.813] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33d82a4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33d8c20, Reserved2=0x0, phNewContext=0x33d8784, pOutput=0x33d8c34, pfContextAttr=0x33d8634, ptsExpiry=0x73eb9c | out: phNewContext=0x33d8784, pOutput=0x33d8c34, pfContextAttr=0x33d8634, ptsExpiry=0x73eb9c) returned 0x0 [0301.822] FreeContextBuffer (in: pvContextBuffer=0x967b20 | out: pvContextBuffer=0x967b20) returned 0x0 [0301.822] QueryContextAttributesW (in: phContext=0x33d8784, ulAttribute=0x4, pBuffer=0x33d8d04 | out: pBuffer=0x33d8d04) returned 0x0 [0301.822] QueryContextAttributesW (in: phContext=0x33d8784, ulAttribute=0x5a, pBuffer=0x33d8d40 | out: pBuffer=0x33d8d40) returned 0x0 [0301.822] QueryContextAttributesW (in: phContext=0x33d8784, ulAttribute=0x53, pBuffer=0x33d8d8c | out: pBuffer=0x33d8d8c) returned 0x0 [0301.823] CertDuplicateCertificateContext (pCertContext=0x967ec0) returned 0x967ec0 [0301.824] CertDuplicateStore (hCertStore=0x9bba40) returned 0x9bba40 [0301.824] CertEnumCertificatesInStore (hCertStore=0x9bba40, pPrevCertContext=0x0) returned 0x967d30 [0301.825] CertDuplicateCertificateContext (pCertContext=0x967d30) returned 0x967d30 [0301.825] CertEnumCertificatesInStore (hCertStore=0x9bba40, pPrevCertContext=0x967d30) returned 0x967ec0 [0301.825] CertDuplicateCertificateContext (pCertContext=0x967ec0) returned 0x967ec0 [0301.825] CertEnumCertificatesInStore (hCertStore=0x9bba40, pPrevCertContext=0x967ec0) returned 0x0 [0301.825] CertCloseStore (hCertStore=0x9bba40, dwFlags=0x0) returned 1 [0301.825] CertFreeCRLContext (pCrlContext=0x967ec0) returned 1 [0301.827] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbab8 [0301.827] CertAddCRLLinkToStore (in: hCertStore=0x9bbab8, pCrlContext=0x967d30, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.827] CertAddCRLLinkToStore (in: hCertStore=0x9bbab8, pCrlContext=0x967ec0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.828] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4f08 [0301.828] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x967ec0, pTime=0x73ebb0, hAdditionalStore=0x9bbab8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.828] LocalFree (hMem=0x9d4f08) returned 0x0 [0301.829] CertDuplicateCertificateChain (pChainContext=0x9e33b0) returned 0x9e33b0 [0301.829] CertDuplicateCertificateContext (pCertContext=0x967ec0) returned 0x967ec0 [0301.830] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.830] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.830] CertFreeCertificateChain (pChainContext=0x9e33b0) [0301.831] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e33b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.831] SetLastError (dwErrCode=0x0) [0301.831] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e33b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.832] CertFreeCertificateChain (pChainContext=0x9e33b0) [0301.832] CertFreeCRLContext (pCrlContext=0x967ec0) returned 1 [0301.833] EncryptMessage (in: phContext=0x33d8784, fQOP=0x0, pMessage=0x33da4b0, MessageSeqNo=0x0 | out: pMessage=0x33da4b0) returned 0x0 [0301.833] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0301.833] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x33d8cb0*), (len=0x4f, buf=0x33da3cc*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.834] CoTaskMemFree (pv=0x9f3948) [0301.834] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.834] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.858] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.859] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33da62c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33da62c, pfQOP=0x0) returned 0x0 [0301.859] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0301.860] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.860] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.860] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33dc0c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33dc0c0, pfQOP=0x0) returned 0x0 [0301.861] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.861] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.861] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33dced0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33dced0, pfQOP=0x0) returned 0x0 [0301.861] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.861] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.861] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33de10c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33de10c, pfQOP=0x0) returned 0x0 [0301.862] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.862] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.862] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33de220, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33de220, pfQOP=0x0) returned 0x0 [0301.863] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.863] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.863] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e0584, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e0584, pfQOP=0x0) returned 0x0 [0301.864] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.864] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.864] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e0698, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e0698, pfQOP=0x0) returned 0x0 [0301.864] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.864] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.864] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e07ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e07ac, pfQOP=0x0) returned 0x0 [0301.866] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.866] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.866] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e4d48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e4d48, pfQOP=0x0) returned 0x0 [0301.867] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.867] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.867] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e4e5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e4e5c, pfQOP=0x0) returned 0x0 [0301.867] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.867] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.867] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e4f70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e4f70, pfQOP=0x0) returned 0x0 [0301.868] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.868] recv (in: s=0x74c, buf=0x3165819, len=1393, flags=0 | out: buf=0x3165819*) returned 1393 [0301.868] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e5084, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e5084, pfQOP=0x0) returned 0x0 [0301.868] recv (in: s=0x74c, buf=0x3165814, len=5, flags=0 | out: buf=0x3165814*) returned 5 [0301.868] recv (in: s=0x74c, buf=0x3165819, len=29, flags=0 | out: buf=0x3165819*) returned 29 [0301.869] DecryptMessage (in: phContext=0x33d8784, pMessage=0x33e5198, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33e5198, pfQOP=0x0) returned 0x0 [0301.869] SetEvent (hEvent=0x4a8) returned 1 [0301.869] QueryContextAttributesW (in: phContext=0x33d8784, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0301.870] DeleteSecurityContext (phContext=0x33d8784) returned 0x0 [0301.870] shutdown (s=0x74c, how=2) returned 0 [0301.871] closesocket (s=0x74c) returned 0 [0301.877] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743963029784) returned 1 [0301.877] SetEvent (hEvent=0x4a8) returned 1 [0301.880] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0301.881] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0301.881] WSAConnect (in: s=0x74c, name=0x33e857c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0301.892] closesocket (s=0x45c) returned 0 [0301.893] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33e85dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33e8abc, pOutput=0x33e8a54, pfContextAttr=0x33e896c, ptsExpiry=0x73ed80 | out: phNewContext=0x33e8abc, pOutput=0x33e8a54, pfContextAttr=0x33e896c, ptsExpiry=0x73ed80) returned 0x90312 [0301.893] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0301.893] send (s=0x74c, buf=0x33e8ad0*, len=366, flags=0) returned 366 [0301.952] recv (in: s=0x74c, buf=0x33e8ad0, len=5, flags=0 | out: buf=0x33e8ad0*) returned 5 [0301.953] recv (in: s=0x74c, buf=0x33e8ad5, len=59, flags=0 | out: buf=0x33e8ad5*) returned 59 [0301.953] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33e85dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33e8cc4, Reserved2=0x0, phNewContext=0x33e8abc, pOutput=0x33e8cd8, pfContextAttr=0x33e896c, ptsExpiry=0x73ecdc | out: phNewContext=0x33e8abc, pOutput=0x33e8cd8, pfContextAttr=0x33e896c, ptsExpiry=0x73ecdc) returned 0x90312 [0301.954] recv (in: s=0x74c, buf=0x33e8d68, len=5, flags=0 | out: buf=0x33e8d68*) returned 5 [0301.954] recv (in: s=0x74c, buf=0x33e8d81, len=1, flags=0 | out: buf=0x33e8d81*) returned 1 [0301.954] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33e85dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33e8df4, Reserved2=0x0, phNewContext=0x33e8abc, pOutput=0x33e8e08, pfContextAttr=0x33e896c, ptsExpiry=0x73ec3c | out: phNewContext=0x33e8abc, pOutput=0x33e8e08, pfContextAttr=0x33e896c, ptsExpiry=0x73ec3c) returned 0x90312 [0301.954] recv (in: s=0x74c, buf=0x33e8e98, len=5, flags=0 | out: buf=0x33e8e98*) returned 5 [0301.955] recv (in: s=0x74c, buf=0x33e8eb1, len=40, flags=0 | out: buf=0x33e8eb1*) returned 40 [0301.955] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33e85dc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33e8f4c, Reserved2=0x0, phNewContext=0x33e8abc, pOutput=0x33e8f60, pfContextAttr=0x33e896c, ptsExpiry=0x73eb9c | out: phNewContext=0x33e8abc, pOutput=0x33e8f60, pfContextAttr=0x33e896c, ptsExpiry=0x73eb9c) returned 0x0 [0301.957] FreeContextBuffer (in: pvContextBuffer=0x967a80 | out: pvContextBuffer=0x967a80) returned 0x0 [0301.957] QueryContextAttributesW (in: phContext=0x33e8abc, ulAttribute=0x4, pBuffer=0x33e9030 | out: pBuffer=0x33e9030) returned 0x0 [0301.957] QueryContextAttributesW (in: phContext=0x33e8abc, ulAttribute=0x5a, pBuffer=0x33e906c | out: pBuffer=0x33e906c) returned 0x0 [0301.957] QueryContextAttributesW (in: phContext=0x33e8abc, ulAttribute=0x53, pBuffer=0x33e90b8 | out: pBuffer=0x33e90b8) returned 0x0 [0301.958] CertDuplicateCertificateContext (pCertContext=0x967ab0) returned 0x967ab0 [0301.958] CertDuplicateStore (hCertStore=0x9bc490) returned 0x9bc490 [0301.959] CertEnumCertificatesInStore (hCertStore=0x9bc490, pPrevCertContext=0x0) returned 0x967b50 [0301.959] CertDuplicateCertificateContext (pCertContext=0x967b50) returned 0x967b50 [0301.960] CertEnumCertificatesInStore (hCertStore=0x9bc490, pPrevCertContext=0x967b50) returned 0x967ab0 [0301.960] CertDuplicateCertificateContext (pCertContext=0x967ab0) returned 0x967ab0 [0301.960] CertEnumCertificatesInStore (hCertStore=0x9bc490, pPrevCertContext=0x967ab0) returned 0x0 [0301.960] CertCloseStore (hCertStore=0x9bc490, dwFlags=0x0) returned 1 [0301.960] CertFreeCRLContext (pCrlContext=0x967ab0) returned 1 [0301.961] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc238 [0301.962] CertAddCRLLinkToStore (in: hCertStore=0x9bc238, pCrlContext=0x967b50, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.962] CertAddCRLLinkToStore (in: hCertStore=0x9bc238, pCrlContext=0x967ab0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0301.962] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5068 [0301.963] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x967ab0, pTime=0x73ebb0, hAdditionalStore=0x9bc238, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0301.963] LocalFree (hMem=0x9d5068) returned 0x0 [0301.963] CertDuplicateCertificateChain (pChainContext=0x9e2a38) returned 0x9e2a38 [0301.964] CertDuplicateCertificateContext (pCertContext=0x967ab0) returned 0x967ab0 [0301.965] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0301.965] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0301.965] CertFreeCertificateChain (pChainContext=0x9e2a38) [0301.965] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2a38, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0301.965] SetLastError (dwErrCode=0x0) [0301.966] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2a38, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0301.966] CertFreeCertificateChain (pChainContext=0x9e2a38) [0301.966] CertFreeCRLContext (pCrlContext=0x967ab0) returned 1 [0301.967] EncryptMessage (in: phContext=0x33e8abc, fQOP=0x0, pMessage=0x33ea7e8, MessageSeqNo=0x0 | out: pMessage=0x33ea7e8) returned 0x0 [0301.967] CoTaskMemAlloc (cb=0x10) returned 0x9f3ac8 [0301.967] WSASend (in: s=0x74c, lpBuffers=0x9f3ac8*=((len=0x33, buf=0x33e8fdc*), (len=0x4f, buf=0x33ea704*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0301.968] CoTaskMemFree (pv=0x9f3ac8) [0301.968] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0301.968] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.059] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.059] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33ea964, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ea964, pfQOP=0x0) returned 0x0 [0302.060] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.060] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.060] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.061] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33ec3f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ec3f8, pfQOP=0x0) returned 0x0 [0302.061] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.061] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.062] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33ed208, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ed208, pfQOP=0x0) returned 0x0 [0302.062] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.062] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.062] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33ee444, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ee444, pfQOP=0x0) returned 0x0 [0302.062] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.063] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.063] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33ee558, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33ee558, pfQOP=0x0) returned 0x0 [0302.063] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.063] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.064] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f08bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f08bc, pfQOP=0x0) returned 0x0 [0302.064] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.064] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.064] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f09d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f09d0, pfQOP=0x0) returned 0x0 [0302.064] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.064] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.065] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f0ae4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f0ae4, pfQOP=0x0) returned 0x0 [0302.071] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.071] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.071] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f5080, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f5080, pfQOP=0x0) returned 0x0 [0302.072] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.072] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.072] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f5194, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f5194, pfQOP=0x0) returned 0x0 [0302.072] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.072] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.072] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f52a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f52a8, pfQOP=0x0) returned 0x0 [0302.073] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.073] recv (in: s=0x74c, buf=0x3149531, len=1393, flags=0 | out: buf=0x3149531*) returned 1393 [0302.073] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f53bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f53bc, pfQOP=0x0) returned 0x0 [0302.073] recv (in: s=0x74c, buf=0x314952c, len=5, flags=0 | out: buf=0x314952c*) returned 5 [0302.073] recv (in: s=0x74c, buf=0x3149531, len=51, flags=0 | out: buf=0x3149531*) returned 51 [0302.073] DecryptMessage (in: phContext=0x33e8abc, pMessage=0x33f54d0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33f54d0, pfQOP=0x0) returned 0x0 [0302.074] SetEvent (hEvent=0x4a8) returned 1 [0302.074] QueryContextAttributesW (in: phContext=0x33e8abc, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.074] DeleteSecurityContext (phContext=0x33e8abc) returned 0x0 [0302.075] shutdown (s=0x74c, how=2) returned 0 [0302.076] closesocket (s=0x74c) returned 0 [0302.085] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2743983771165) returned 1 [0302.085] SetEvent (hEvent=0x4a8) returned 1 [0302.087] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.088] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.088] WSAConnect (in: s=0x74c, name=0x33f88b4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.102] closesocket (s=0x45c) returned 0 [0302.103] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33f8914, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33f8df4, pOutput=0x33f8d8c, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ed80 | out: phNewContext=0x33f8df4, pOutput=0x33f8d8c, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ed80) returned 0x90312 [0302.103] FreeContextBuffer (in: pvContextBuffer=0x57265d0 | out: pvContextBuffer=0x57265d0) returned 0x0 [0302.104] send (s=0x74c, buf=0x33f8e08*, len=366, flags=0) returned 366 [0302.104] recv (in: s=0x74c, buf=0x33f8e08, len=5, flags=0 | out: buf=0x33f8e08*) returned 5 [0302.114] recv (in: s=0x74c, buf=0x33f8e0d, len=59, flags=0 | out: buf=0x33f8e0d*) returned 59 [0302.115] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33f8914, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33f8ffc, Reserved2=0x0, phNewContext=0x33f8df4, pOutput=0x33f9010, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ecdc | out: phNewContext=0x33f8df4, pOutput=0x33f9010, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ecdc) returned 0x90312 [0302.115] recv (in: s=0x74c, buf=0x33f90a0, len=5, flags=0 | out: buf=0x33f90a0*) returned 5 [0302.115] recv (in: s=0x74c, buf=0x33f90b9, len=1, flags=0 | out: buf=0x33f90b9*) returned 1 [0302.116] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33f8914, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33f912c, Reserved2=0x0, phNewContext=0x33f8df4, pOutput=0x33f9140, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ec3c | out: phNewContext=0x33f8df4, pOutput=0x33f9140, pfContextAttr=0x33f8ca4, ptsExpiry=0x73ec3c) returned 0x90312 [0302.116] recv (in: s=0x74c, buf=0x33f91d0, len=5, flags=0 | out: buf=0x33f91d0*) returned 5 [0302.116] recv (in: s=0x74c, buf=0x33f91e9, len=40, flags=0 | out: buf=0x33f91e9*) returned 40 [0302.117] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33f8914, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33f9284, Reserved2=0x0, phNewContext=0x33f8df4, pOutput=0x33f9298, pfContextAttr=0x33f8ca4, ptsExpiry=0x73eb9c | out: phNewContext=0x33f8df4, pOutput=0x33f9298, pfContextAttr=0x33f8ca4, ptsExpiry=0x73eb9c) returned 0x0 [0302.118] FreeContextBuffer (in: pvContextBuffer=0x571e688 | out: pvContextBuffer=0x571e688) returned 0x0 [0302.118] QueryContextAttributesW (in: phContext=0x33f8df4, ulAttribute=0x4, pBuffer=0x33f9368 | out: pBuffer=0x33f9368) returned 0x0 [0302.118] QueryContextAttributesW (in: phContext=0x33f8df4, ulAttribute=0x5a, pBuffer=0x33f93a4 | out: pBuffer=0x33f93a4) returned 0x0 [0302.118] QueryContextAttributesW (in: phContext=0x33f8df4, ulAttribute=0x53, pBuffer=0x33f93f0 | out: pBuffer=0x33f93f0) returned 0x0 [0302.119] CertDuplicateCertificateContext (pCertContext=0x571e6b8) returned 0x571e6b8 [0302.120] CertDuplicateStore (hCertStore=0x9bc148) returned 0x9bc148 [0302.120] CertEnumCertificatesInStore (hCertStore=0x9bc148, pPrevCertContext=0x0) returned 0x9fd248 [0302.120] CertDuplicateCertificateContext (pCertContext=0x9fd248) returned 0x9fd248 [0302.120] CertEnumCertificatesInStore (hCertStore=0x9bc148, pPrevCertContext=0x9fd248) returned 0x571e6b8 [0302.121] CertDuplicateCertificateContext (pCertContext=0x571e6b8) returned 0x571e6b8 [0302.121] CertEnumCertificatesInStore (hCertStore=0x9bc148, pPrevCertContext=0x571e6b8) returned 0x0 [0302.121] CertCloseStore (hCertStore=0x9bc148, dwFlags=0x0) returned 1 [0302.121] CertFreeCRLContext (pCrlContext=0x571e6b8) returned 1 [0302.123] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb680 [0302.123] CertAddCRLLinkToStore (in: hCertStore=0x9bb680, pCrlContext=0x9fd248, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.123] CertAddCRLLinkToStore (in: hCertStore=0x9bb680, pCrlContext=0x571e6b8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.124] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5408 [0302.124] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x571e6b8, pTime=0x73ebb0, hAdditionalStore=0x9bb680, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.124] LocalFree (hMem=0x9d5408) returned 0x0 [0302.125] CertDuplicateCertificateChain (pChainContext=0x9e2a38) returned 0x9e2a38 [0302.125] CertDuplicateCertificateContext (pCertContext=0x571e6b8) returned 0x571e6b8 [0302.126] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.126] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.126] CertFreeCertificateChain (pChainContext=0x9e2a38) [0302.127] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2a38, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.127] SetLastError (dwErrCode=0x0) [0302.127] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2a38, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.127] CertFreeCertificateChain (pChainContext=0x9e2a38) [0302.213] CertFreeCRLContext (pCrlContext=0x571e6b8) returned 1 [0302.213] EncryptMessage (in: phContext=0x33f8df4, fQOP=0x0, pMessage=0x33fab20, MessageSeqNo=0x0 | out: pMessage=0x33fab20) returned 0x0 [0302.213] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0302.213] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x33f9314*), (len=0x4f, buf=0x33faa3c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.214] CoTaskMemFree (pv=0x9f3948) [0302.214] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.214] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.230] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.230] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x33fac9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33fac9c, pfQOP=0x0) returned 0x0 [0302.233] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.233] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.233] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.233] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x33fc730, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33fc730, pfQOP=0x0) returned 0x0 [0302.233] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.234] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.234] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x33fd534, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33fd534, pfQOP=0x0) returned 0x0 [0302.234] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.234] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.234] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x33fe77c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33fe77c, pfQOP=0x0) returned 0x0 [0302.235] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.235] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.235] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x33fe890, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33fe890, pfQOP=0x0) returned 0x0 [0302.235] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.235] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.236] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x3400bf4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3400bf4, pfQOP=0x0) returned 0x0 [0302.236] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.236] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.236] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x3400d08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3400d08, pfQOP=0x0) returned 0x0 [0302.236] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.236] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.236] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x3400e1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3400e1c, pfQOP=0x0) returned 0x0 [0302.239] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.239] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.240] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x34053b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x34053b8, pfQOP=0x0) returned 0x0 [0302.240] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.240] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.240] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x34054cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x34054cc, pfQOP=0x0) returned 0x0 [0302.240] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.240] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.240] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x34055e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x34055e0, pfQOP=0x0) returned 0x0 [0302.240] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.241] recv (in: s=0x74c, buf=0x316d8a1, len=1393, flags=0 | out: buf=0x316d8a1*) returned 1393 [0302.241] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x34056f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x34056f4, pfQOP=0x0) returned 0x0 [0302.241] recv (in: s=0x74c, buf=0x316d89c, len=5, flags=0 | out: buf=0x316d89c*) returned 5 [0302.241] recv (in: s=0x74c, buf=0x316d8a1, len=29, flags=0 | out: buf=0x316d8a1*) returned 29 [0302.241] DecryptMessage (in: phContext=0x33f8df4, pMessage=0x3405808, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3405808, pfQOP=0x0) returned 0x0 [0302.241] SetEvent (hEvent=0x4a8) returned 1 [0302.242] QueryContextAttributesW (in: phContext=0x33f8df4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.242] DeleteSecurityContext (phContext=0x33f8df4) returned 0x0 [0302.242] shutdown (s=0x74c, how=2) returned 0 [0302.244] closesocket (s=0x74c) returned 0 [0302.250] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744000319358) returned 1 [0302.250] SetEvent (hEvent=0x4a8) returned 1 [0302.252] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.252] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.255] WSAConnect (in: s=0x74c, name=0x3408bd8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.266] closesocket (s=0x45c) returned 0 [0302.267] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3408c4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x340912c, pOutput=0x34090c4, pfContextAttr=0x3408fdc, ptsExpiry=0x73ed80 | out: phNewContext=0x340912c, pOutput=0x34090c4, pfContextAttr=0x3408fdc, ptsExpiry=0x73ed80) returned 0x90312 [0302.268] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0302.268] send (s=0x74c, buf=0x3409140*, len=366, flags=0) returned 366 [0302.271] recv (in: s=0x74c, buf=0x3409140, len=5, flags=0 | out: buf=0x3409140*) returned 5 [0302.280] recv (in: s=0x74c, buf=0x3409145, len=59, flags=0 | out: buf=0x3409145*) returned 59 [0302.280] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3408c4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3409334, Reserved2=0x0, phNewContext=0x340912c, pOutput=0x3409348, pfContextAttr=0x3408fdc, ptsExpiry=0x73ecdc | out: phNewContext=0x340912c, pOutput=0x3409348, pfContextAttr=0x3408fdc, ptsExpiry=0x73ecdc) returned 0x90312 [0302.281] recv (in: s=0x74c, buf=0x34093d8, len=5, flags=0 | out: buf=0x34093d8*) returned 5 [0302.281] recv (in: s=0x74c, buf=0x34093f1, len=1, flags=0 | out: buf=0x34093f1*) returned 1 [0302.281] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3408c4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3409464, Reserved2=0x0, phNewContext=0x340912c, pOutput=0x3409478, pfContextAttr=0x3408fdc, ptsExpiry=0x73ec3c | out: phNewContext=0x340912c, pOutput=0x3409478, pfContextAttr=0x3408fdc, ptsExpiry=0x73ec3c) returned 0x90312 [0302.282] recv (in: s=0x74c, buf=0x3409508, len=5, flags=0 | out: buf=0x3409508*) returned 5 [0302.282] recv (in: s=0x74c, buf=0x3409521, len=40, flags=0 | out: buf=0x3409521*) returned 40 [0302.283] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3408c4c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x34095bc, Reserved2=0x0, phNewContext=0x340912c, pOutput=0x34095d0, pfContextAttr=0x3408fdc, ptsExpiry=0x73eb9c | out: phNewContext=0x340912c, pOutput=0x34095d0, pfContextAttr=0x3408fdc, ptsExpiry=0x73eb9c) returned 0x0 [0302.284] FreeContextBuffer (in: pvContextBuffer=0x9b8ba0 | out: pvContextBuffer=0x9b8ba0) returned 0x0 [0302.285] QueryContextAttributesW (in: phContext=0x340912c, ulAttribute=0x4, pBuffer=0x34096a0 | out: pBuffer=0x34096a0) returned 0x0 [0302.285] QueryContextAttributesW (in: phContext=0x340912c, ulAttribute=0x5a, pBuffer=0x34096dc | out: pBuffer=0x34096dc) returned 0x0 [0302.285] QueryContextAttributesW (in: phContext=0x340912c, ulAttribute=0x53, pBuffer=0x3409728 | out: pBuffer=0x3409728) returned 0x0 [0302.286] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.286] CertDuplicateStore (hCertStore=0x9bb6f8) returned 0x9bb6f8 [0302.286] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x0) returned 0x9b8860 [0302.287] CertDuplicateCertificateContext (pCertContext=0x9b8860) returned 0x9b8860 [0302.287] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x9b8860) returned 0x9b8270 [0302.288] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.288] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x9b8270) returned 0x0 [0302.288] CertCloseStore (hCertStore=0x9bb6f8, dwFlags=0x0) returned 1 [0302.288] CertFreeCRLContext (pCrlContext=0x9b8270) returned 1 [0302.289] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb9c8 [0302.289] CertAddCRLLinkToStore (in: hCertStore=0x9bb9c8, pCrlContext=0x9b8860, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.290] CertAddCRLLinkToStore (in: hCertStore=0x9bb9c8, pCrlContext=0x9b8270, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.290] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5228 [0302.291] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8270, pTime=0x73ebb0, hAdditionalStore=0x9bb9c8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.291] LocalFree (hMem=0x9d5228) returned 0x0 [0302.292] CertDuplicateCertificateChain (pChainContext=0x9e33b0) returned 0x9e33b0 [0302.293] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.293] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.294] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.294] CertFreeCertificateChain (pChainContext=0x9e33b0) [0302.294] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e33b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.294] SetLastError (dwErrCode=0x0) [0302.294] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e33b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.295] CertFreeCertificateChain (pChainContext=0x9e33b0) [0302.295] CertFreeCRLContext (pCrlContext=0x9b8270) returned 1 [0302.296] EncryptMessage (in: phContext=0x340912c, fQOP=0x0, pMessage=0x340ae58, MessageSeqNo=0x0 | out: pMessage=0x340ae58) returned 0x0 [0302.296] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0302.296] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x340964c*), (len=0x4f, buf=0x340ad74*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.297] CoTaskMemFree (pv=0x9f3a80) [0302.297] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.297] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.314] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.314] DecryptMessage (in: phContext=0x340912c, pMessage=0x340afd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x340afd4, pfQOP=0x0) returned 0x0 [0302.315] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.317] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.317] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.317] DecryptMessage (in: phContext=0x340912c, pMessage=0x340ca68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x340ca68, pfQOP=0x0) returned 0x0 [0302.318] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.318] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.318] DecryptMessage (in: phContext=0x340912c, pMessage=0x340d86c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x340d86c, pfQOP=0x0) returned 0x0 [0302.319] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.319] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.319] DecryptMessage (in: phContext=0x340912c, pMessage=0x340eab4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x340eab4, pfQOP=0x0) returned 0x0 [0302.319] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.320] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.320] DecryptMessage (in: phContext=0x340912c, pMessage=0x340ebc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x340ebc8, pfQOP=0x0) returned 0x0 [0302.321] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.322] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.322] DecryptMessage (in: phContext=0x340912c, pMessage=0x3410f2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3410f2c, pfQOP=0x0) returned 0x0 [0302.322] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.322] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.322] DecryptMessage (in: phContext=0x340912c, pMessage=0x3411040, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3411040, pfQOP=0x0) returned 0x0 [0302.323] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.323] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.323] DecryptMessage (in: phContext=0x340912c, pMessage=0x3411154, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3411154, pfQOP=0x0) returned 0x0 [0302.324] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.324] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.324] DecryptMessage (in: phContext=0x340912c, pMessage=0x34156f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x34156f0, pfQOP=0x0) returned 0x0 [0302.324] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.325] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.325] DecryptMessage (in: phContext=0x340912c, pMessage=0x3415804, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3415804, pfQOP=0x0) returned 0x0 [0302.325] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.325] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.325] DecryptMessage (in: phContext=0x340912c, pMessage=0x3415918, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3415918, pfQOP=0x0) returned 0x0 [0302.325] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.326] recv (in: s=0x74c, buf=0x31515b9, len=1393, flags=0 | out: buf=0x31515b9*) returned 1393 [0302.326] DecryptMessage (in: phContext=0x340912c, pMessage=0x3415a2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3415a2c, pfQOP=0x0) returned 0x0 [0302.326] recv (in: s=0x74c, buf=0x31515b4, len=5, flags=0 | out: buf=0x31515b4*) returned 5 [0302.326] recv (in: s=0x74c, buf=0x31515b9, len=29, flags=0 | out: buf=0x31515b9*) returned 29 [0302.326] DecryptMessage (in: phContext=0x340912c, pMessage=0x3415b40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3415b40, pfQOP=0x0) returned 0x0 [0302.327] SetEvent (hEvent=0x4a8) returned 1 [0302.327] QueryContextAttributesW (in: phContext=0x340912c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.327] DeleteSecurityContext (phContext=0x340912c) returned 0x0 [0302.328] shutdown (s=0x74c, how=2) returned 0 [0302.331] closesocket (s=0x74c) returned 0 [0302.339] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744009252479) returned 1 [0302.340] SetEvent (hEvent=0x4a8) returned 1 [0302.344] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.345] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.345] WSAConnect (in: s=0x74c, name=0x3418f24*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.357] closesocket (s=0x45c) returned 0 [0302.358] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3418f84, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3419464, pOutput=0x34193fc, pfContextAttr=0x3419314, ptsExpiry=0x73ed80 | out: phNewContext=0x3419464, pOutput=0x34193fc, pfContextAttr=0x3419314, ptsExpiry=0x73ed80) returned 0x90312 [0302.359] FreeContextBuffer (in: pvContextBuffer=0x5726a68 | out: pvContextBuffer=0x5726a68) returned 0x0 [0302.359] send (s=0x74c, buf=0x3419478*, len=366, flags=0) returned 366 [0302.359] recv (in: s=0x74c, buf=0x3419478, len=5, flags=0 | out: buf=0x3419478*) returned 5 [0302.369] recv (in: s=0x74c, buf=0x341947d, len=59, flags=0 | out: buf=0x341947d*) returned 59 [0302.370] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3418f84, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x341966c, Reserved2=0x0, phNewContext=0x3419464, pOutput=0x3419680, pfContextAttr=0x3419314, ptsExpiry=0x73ecdc | out: phNewContext=0x3419464, pOutput=0x3419680, pfContextAttr=0x3419314, ptsExpiry=0x73ecdc) returned 0x90312 [0302.370] recv (in: s=0x74c, buf=0x3419710, len=5, flags=0 | out: buf=0x3419710*) returned 5 [0302.370] recv (in: s=0x74c, buf=0x3419729, len=1, flags=0 | out: buf=0x3419729*) returned 1 [0302.370] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3418f84, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x341979c, Reserved2=0x0, phNewContext=0x3419464, pOutput=0x34197b0, pfContextAttr=0x3419314, ptsExpiry=0x73ec3c | out: phNewContext=0x3419464, pOutput=0x34197b0, pfContextAttr=0x3419314, ptsExpiry=0x73ec3c) returned 0x90312 [0302.371] recv (in: s=0x74c, buf=0x3419840, len=5, flags=0 | out: buf=0x3419840*) returned 5 [0302.371] recv (in: s=0x74c, buf=0x3419859, len=40, flags=0 | out: buf=0x3419859*) returned 40 [0302.371] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3418f84, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x34198f4, Reserved2=0x0, phNewContext=0x3419464, pOutput=0x3419908, pfContextAttr=0x3419314, ptsExpiry=0x73eb9c | out: phNewContext=0x3419464, pOutput=0x3419908, pfContextAttr=0x3419314, ptsExpiry=0x73eb9c) returned 0x0 [0302.372] FreeContextBuffer (in: pvContextBuffer=0x9b8b50 | out: pvContextBuffer=0x9b8b50) returned 0x0 [0302.372] QueryContextAttributesW (in: phContext=0x3419464, ulAttribute=0x4, pBuffer=0x34199d8 | out: pBuffer=0x34199d8) returned 0x0 [0302.372] QueryContextAttributesW (in: phContext=0x3419464, ulAttribute=0x5a, pBuffer=0x3419a14 | out: pBuffer=0x3419a14) returned 0x0 [0302.372] QueryContextAttributesW (in: phContext=0x3419464, ulAttribute=0x53, pBuffer=0x3419a60 | out: pBuffer=0x3419a60) returned 0x0 [0302.373] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0302.373] CertDuplicateStore (hCertStore=0x9bbc98) returned 0x9bbc98 [0302.373] CertEnumCertificatesInStore (hCertStore=0x9bbc98, pPrevCertContext=0x0) returned 0x9b8720 [0302.374] CertDuplicateCertificateContext (pCertContext=0x9b8720) returned 0x9b8720 [0302.374] CertEnumCertificatesInStore (hCertStore=0x9bbc98, pPrevCertContext=0x9b8720) returned 0x9b8ae0 [0302.374] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0302.374] CertEnumCertificatesInStore (hCertStore=0x9bbc98, pPrevCertContext=0x9b8ae0) returned 0x0 [0302.374] CertCloseStore (hCertStore=0x9bbc98, dwFlags=0x0) returned 1 [0302.375] CertFreeCRLContext (pCrlContext=0x9b8ae0) returned 1 [0302.375] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb770 [0302.375] CertAddCRLLinkToStore (in: hCertStore=0x9bb770, pCrlContext=0x9b8720, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.376] CertAddCRLLinkToStore (in: hCertStore=0x9bb770, pCrlContext=0x9b8ae0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.376] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5348 [0302.376] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8ae0, pTime=0x73ebb0, hAdditionalStore=0x9bb770, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.377] LocalFree (hMem=0x9d5348) returned 0x0 [0302.377] CertDuplicateCertificateChain (pChainContext=0x9e2a38) returned 0x9e2a38 [0302.377] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0302.378] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.379] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.379] CertFreeCertificateChain (pChainContext=0x9e2a38) [0302.379] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2a38, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.379] SetLastError (dwErrCode=0x0) [0302.379] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2a38, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.380] CertFreeCertificateChain (pChainContext=0x9e2a38) [0302.380] CertFreeCRLContext (pCrlContext=0x9b8ae0) returned 1 [0302.380] EncryptMessage (in: phContext=0x3419464, fQOP=0x0, pMessage=0x341b190, MessageSeqNo=0x0 | out: pMessage=0x341b190) returned 0x0 [0302.380] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0302.380] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3419984*), (len=0x4f, buf=0x341b0ac*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.381] CoTaskMemFree (pv=0x9f3a80) [0302.381] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.381] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.407] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.407] DecryptMessage (in: phContext=0x3419464, pMessage=0x341b30c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x341b30c, pfQOP=0x0) returned 0x0 [0302.408] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.408] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.408] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.409] DecryptMessage (in: phContext=0x3419464, pMessage=0x341cda0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x341cda0, pfQOP=0x0) returned 0x0 [0302.409] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.409] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.409] DecryptMessage (in: phContext=0x3419464, pMessage=0x341dba4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x341dba4, pfQOP=0x0) returned 0x0 [0302.410] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.410] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.410] DecryptMessage (in: phContext=0x3419464, pMessage=0x341edec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x341edec, pfQOP=0x0) returned 0x0 [0302.410] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.410] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.410] DecryptMessage (in: phContext=0x3419464, pMessage=0x341ef00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x341ef00, pfQOP=0x0) returned 0x0 [0302.411] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.412] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.412] DecryptMessage (in: phContext=0x3419464, pMessage=0x3421264, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3421264, pfQOP=0x0) returned 0x0 [0302.412] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.412] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.412] DecryptMessage (in: phContext=0x3419464, pMessage=0x3421378, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3421378, pfQOP=0x0) returned 0x0 [0302.412] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.412] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.413] DecryptMessage (in: phContext=0x3419464, pMessage=0x342148c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x342148c, pfQOP=0x0) returned 0x0 [0302.413] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.413] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.414] DecryptMessage (in: phContext=0x3419464, pMessage=0x3425a28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3425a28, pfQOP=0x0) returned 0x0 [0302.414] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.414] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.414] DecryptMessage (in: phContext=0x3419464, pMessage=0x3425b3c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3425b3c, pfQOP=0x0) returned 0x0 [0302.414] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.414] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.414] DecryptMessage (in: phContext=0x3419464, pMessage=0x3425c50, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3425c50, pfQOP=0x0) returned 0x0 [0302.414] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.415] recv (in: s=0x74c, buf=0x3155709, len=1393, flags=0 | out: buf=0x3155709*) returned 1393 [0302.415] DecryptMessage (in: phContext=0x3419464, pMessage=0x3425d64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3425d64, pfQOP=0x0) returned 0x0 [0302.415] recv (in: s=0x74c, buf=0x3155704, len=5, flags=0 | out: buf=0x3155704*) returned 5 [0302.415] recv (in: s=0x74c, buf=0x3155709, len=51, flags=0 | out: buf=0x3155709*) returned 51 [0302.415] DecryptMessage (in: phContext=0x3419464, pMessage=0x3425e78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3425e78, pfQOP=0x0) returned 0x0 [0302.415] SetEvent (hEvent=0x4a8) returned 1 [0302.416] QueryContextAttributesW (in: phContext=0x3419464, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.416] DeleteSecurityContext (phContext=0x3419464) returned 0x0 [0302.416] shutdown (s=0x74c, how=2) returned 0 [0302.417] closesocket (s=0x74c) returned 0 [0302.422] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744017506160) returned 1 [0302.422] SetEvent (hEvent=0x4a8) returned 1 [0302.424] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.426] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.426] WSAConnect (in: s=0x74c, name=0x3429270*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.436] closesocket (s=0x45c) returned 0 [0302.437] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x34292bc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x342979c, pOutput=0x3429734, pfContextAttr=0x342964c, ptsExpiry=0x73ed80 | out: phNewContext=0x342979c, pOutput=0x3429734, pfContextAttr=0x342964c, ptsExpiry=0x73ed80) returned 0x90312 [0302.437] FreeContextBuffer (in: pvContextBuffer=0x57265d0 | out: pvContextBuffer=0x57265d0) returned 0x0 [0302.437] send (s=0x74c, buf=0x34297b0*, len=366, flags=0) returned 366 [0302.438] recv (in: s=0x74c, buf=0x34297b0, len=5, flags=0 | out: buf=0x34297b0*) returned 5 [0302.447] recv (in: s=0x74c, buf=0x34297b5, len=59, flags=0 | out: buf=0x34297b5*) returned 59 [0302.447] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x34292bc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x34299a4, Reserved2=0x0, phNewContext=0x342979c, pOutput=0x34299b8, pfContextAttr=0x342964c, ptsExpiry=0x73ecdc | out: phNewContext=0x342979c, pOutput=0x34299b8, pfContextAttr=0x342964c, ptsExpiry=0x73ecdc) returned 0x90312 [0302.448] recv (in: s=0x74c, buf=0x3429a48, len=5, flags=0 | out: buf=0x3429a48*) returned 5 [0302.448] recv (in: s=0x74c, buf=0x3429a61, len=1, flags=0 | out: buf=0x3429a61*) returned 1 [0302.448] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x34292bc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3429ad4, Reserved2=0x0, phNewContext=0x342979c, pOutput=0x3429ae8, pfContextAttr=0x342964c, ptsExpiry=0x73ec3c | out: phNewContext=0x342979c, pOutput=0x3429ae8, pfContextAttr=0x342964c, ptsExpiry=0x73ec3c) returned 0x90312 [0302.449] recv (in: s=0x74c, buf=0x3429b78, len=5, flags=0 | out: buf=0x3429b78*) returned 5 [0302.449] recv (in: s=0x74c, buf=0x3429b91, len=40, flags=0 | out: buf=0x3429b91*) returned 40 [0302.449] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x34292bc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3429c2c, Reserved2=0x0, phNewContext=0x342979c, pOutput=0x3429c40, pfContextAttr=0x342964c, ptsExpiry=0x73eb9c | out: phNewContext=0x342979c, pOutput=0x3429c40, pfContextAttr=0x342964c, ptsExpiry=0x73eb9c) returned 0x0 [0302.451] FreeContextBuffer (in: pvContextBuffer=0x9b8a10 | out: pvContextBuffer=0x9b8a10) returned 0x0 [0302.451] QueryContextAttributesW (in: phContext=0x342979c, ulAttribute=0x4, pBuffer=0x3429d10 | out: pBuffer=0x3429d10) returned 0x0 [0302.451] QueryContextAttributesW (in: phContext=0x342979c, ulAttribute=0x5a, pBuffer=0x3429d4c | out: pBuffer=0x3429d4c) returned 0x0 [0302.451] QueryContextAttributesW (in: phContext=0x342979c, ulAttribute=0x53, pBuffer=0x3429d98 | out: pBuffer=0x3429d98) returned 0x0 [0302.451] CertDuplicateCertificateContext (pCertContext=0x9b88b0) returned 0x9b88b0 [0302.452] CertDuplicateStore (hCertStore=0x9bbef0) returned 0x9bbef0 [0302.452] CertEnumCertificatesInStore (hCertStore=0x9bbef0, pPrevCertContext=0x0) returned 0x9b89f0 [0302.452] CertDuplicateCertificateContext (pCertContext=0x9b89f0) returned 0x9b89f0 [0302.452] CertEnumCertificatesInStore (hCertStore=0x9bbef0, pPrevCertContext=0x9b89f0) returned 0x9b88b0 [0302.453] CertDuplicateCertificateContext (pCertContext=0x9b88b0) returned 0x9b88b0 [0302.453] CertEnumCertificatesInStore (hCertStore=0x9bbef0, pPrevCertContext=0x9b88b0) returned 0x0 [0302.453] CertCloseStore (hCertStore=0x9bbef0, dwFlags=0x0) returned 1 [0302.453] CertFreeCRLContext (pCrlContext=0x9b88b0) returned 1 [0302.454] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc508 [0302.454] CertAddCRLLinkToStore (in: hCertStore=0x9bc508, pCrlContext=0x9b89f0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.454] CertAddCRLLinkToStore (in: hCertStore=0x9bc508, pCrlContext=0x9b88b0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.455] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5428 [0302.455] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b88b0, pTime=0x73ebb0, hAdditionalStore=0x9bc508, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.455] LocalFree (hMem=0x9d5428) returned 0x0 [0302.456] CertDuplicateCertificateChain (pChainContext=0x9e20c0) returned 0x9e20c0 [0302.457] CertDuplicateCertificateContext (pCertContext=0x9b88b0) returned 0x9b88b0 [0302.457] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.457] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.458] CertFreeCertificateChain (pChainContext=0x9e20c0) [0302.458] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e20c0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.458] SetLastError (dwErrCode=0x0) [0302.458] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e20c0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.469] CertFreeCertificateChain (pChainContext=0x9e20c0) [0302.469] CertFreeCRLContext (pCrlContext=0x9b88b0) returned 1 [0302.469] EncryptMessage (in: phContext=0x32937d4, fQOP=0x0, pMessage=0x3294bfc, MessageSeqNo=0x0 | out: pMessage=0x3294bfc) returned 0x0 [0302.469] CoTaskMemAlloc (cb=0x10) returned 0x9f39d8 [0302.469] WSASend (in: s=0x74c, lpBuffers=0x9f39d8*=((len=0x33, buf=0x329398c*), (len=0x4f, buf=0x3294b18*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.470] CoTaskMemFree (pv=0x9f39d8) [0302.470] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.470] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.510] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.510] DecryptMessage (in: phContext=0x32937d4, pMessage=0x3294eb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3294eb8, pfQOP=0x0) returned 0x0 [0302.514] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.515] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.515] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.515] DecryptMessage (in: phContext=0x32937d4, pMessage=0x3297540, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3297540, pfQOP=0x0) returned 0x0 [0302.515] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.515] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.515] DecryptMessage (in: phContext=0x32937d4, pMessage=0x3298350, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3298350, pfQOP=0x0) returned 0x0 [0302.516] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.516] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.516] DecryptMessage (in: phContext=0x32937d4, pMessage=0x329958c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329958c, pfQOP=0x0) returned 0x0 [0302.516] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.516] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.516] DecryptMessage (in: phContext=0x32937d4, pMessage=0x32996a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32996a0, pfQOP=0x0) returned 0x0 [0302.517] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.517] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.517] DecryptMessage (in: phContext=0x32937d4, pMessage=0x329ba04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329ba04, pfQOP=0x0) returned 0x0 [0302.517] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.517] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.517] DecryptMessage (in: phContext=0x32937d4, pMessage=0x329bb18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329bb18, pfQOP=0x0) returned 0x0 [0302.517] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.518] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.518] DecryptMessage (in: phContext=0x32937d4, pMessage=0x329bc2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x329bc2c, pfQOP=0x0) returned 0x0 [0302.518] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.518] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.518] DecryptMessage (in: phContext=0x32937d4, pMessage=0x32a01c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a01c8, pfQOP=0x0) returned 0x0 [0302.518] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.519] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.519] DecryptMessage (in: phContext=0x32937d4, pMessage=0x32a02dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a02dc, pfQOP=0x0) returned 0x0 [0302.519] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.519] recv (in: s=0x74c, buf=0x316985d, len=1393, flags=0 | out: buf=0x316985d*) returned 1393 [0302.520] DecryptMessage (in: phContext=0x32937d4, pMessage=0x32a03f0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a03f0, pfQOP=0x0) returned 0x0 [0302.520] recv (in: s=0x74c, buf=0x3169858, len=5, flags=0 | out: buf=0x3169858*) returned 5 [0302.520] recv (in: s=0x74c, buf=0x316985d, len=1377, flags=0 | out: buf=0x316985d*) returned 1377 [0302.520] DecryptMessage (in: phContext=0x32937d4, pMessage=0x32a0504, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a0504, pfQOP=0x0) returned 0x0 [0302.520] SetEvent (hEvent=0x4a8) returned 1 [0302.520] QueryContextAttributesW (in: phContext=0x32937d4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.521] DeleteSecurityContext (phContext=0x32937d4) returned 0x0 [0302.521] shutdown (s=0x74c, how=2) returned 0 [0302.522] closesocket (s=0x74c) returned 0 [0302.529] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744028222632) returned 1 [0302.529] SetEvent (hEvent=0x4a8) returned 1 [0302.531] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.531] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.532] WSAConnect (in: s=0x74c, name=0x32a40b4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.557] closesocket (s=0x45c) returned 0 [0302.558] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32a4114, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32a45f4, pOutput=0x32a458c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ed80 | out: phNewContext=0x32a45f4, pOutput=0x32a458c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ed80) returned 0x90312 [0302.558] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0302.558] send (s=0x74c, buf=0x32a4614*, len=366, flags=0) returned 366 [0302.559] recv (in: s=0x74c, buf=0x32a4614, len=5, flags=0 | out: buf=0x32a4614*) returned 5 [0302.584] recv (in: s=0x74c, buf=0x32a4619, len=59, flags=0 | out: buf=0x32a4619*) returned 59 [0302.584] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32a4114, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4808, Reserved2=0x0, phNewContext=0x32a45f4, pOutput=0x32a481c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ecdc | out: phNewContext=0x32a45f4, pOutput=0x32a481c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ecdc) returned 0x90312 [0302.585] recv (in: s=0x74c, buf=0x32a48ac, len=5, flags=0 | out: buf=0x32a48ac*) returned 5 [0302.585] recv (in: s=0x74c, buf=0x32a48c5, len=1, flags=0 | out: buf=0x32a48c5*) returned 1 [0302.585] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32a4114, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4938, Reserved2=0x0, phNewContext=0x32a45f4, pOutput=0x32a494c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ec3c | out: phNewContext=0x32a45f4, pOutput=0x32a494c, pfContextAttr=0x32a44a4, ptsExpiry=0x73ec3c) returned 0x90312 [0302.585] recv (in: s=0x74c, buf=0x32a49dc, len=5, flags=0 | out: buf=0x32a49dc*) returned 5 [0302.585] recv (in: s=0x74c, buf=0x32a49f5, len=40, flags=0 | out: buf=0x32a49f5*) returned 40 [0302.586] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32a4114, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32a4a90, Reserved2=0x0, phNewContext=0x32a45f4, pOutput=0x32a4aa4, pfContextAttr=0x32a44a4, ptsExpiry=0x73eb9c | out: phNewContext=0x32a45f4, pOutput=0x32a4aa4, pfContextAttr=0x32a44a4, ptsExpiry=0x73eb9c) returned 0x0 [0302.587] FreeContextBuffer (in: pvContextBuffer=0x9b82e0 | out: pvContextBuffer=0x9b82e0) returned 0x0 [0302.587] QueryContextAttributesW (in: phContext=0x32a45f4, ulAttribute=0x4, pBuffer=0x32a4b74 | out: pBuffer=0x32a4b74) returned 0x0 [0302.587] QueryContextAttributesW (in: phContext=0x32a45f4, ulAttribute=0x5a, pBuffer=0x32a4bb0 | out: pBuffer=0x32a4bb0) returned 0x0 [0302.587] QueryContextAttributesW (in: phContext=0x32a45f4, ulAttribute=0x53, pBuffer=0x32a4bfc | out: pBuffer=0x32a4bfc) returned 0x0 [0302.588] CertDuplicateCertificateContext (pCertContext=0x9b87c0) returned 0x9b87c0 [0302.588] CertDuplicateStore (hCertStore=0x9bb770) returned 0x9bb770 [0302.588] CertEnumCertificatesInStore (hCertStore=0x9bb770, pPrevCertContext=0x0) returned 0x9b8a40 [0302.589] CertDuplicateCertificateContext (pCertContext=0x9b8a40) returned 0x9b8a40 [0302.589] CertEnumCertificatesInStore (hCertStore=0x9bb770, pPrevCertContext=0x9b8a40) returned 0x9b87c0 [0302.589] CertDuplicateCertificateContext (pCertContext=0x9b87c0) returned 0x9b87c0 [0302.589] CertEnumCertificatesInStore (hCertStore=0x9bb770, pPrevCertContext=0x9b87c0) returned 0x0 [0302.589] CertCloseStore (hCertStore=0x9bb770, dwFlags=0x0) returned 1 [0302.590] CertFreeCRLContext (pCrlContext=0x9b87c0) returned 1 [0302.590] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbc98 [0302.590] CertAddCRLLinkToStore (in: hCertStore=0x9bbc98, pCrlContext=0x9b8a40, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.591] CertAddCRLLinkToStore (in: hCertStore=0x9bbc98, pCrlContext=0x9b87c0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.591] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4da8 [0302.592] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b87c0, pTime=0x73ebb0, hAdditionalStore=0x9bbc98, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.592] LocalFree (hMem=0x9d4da8) returned 0x0 [0302.592] CertDuplicateCertificateChain (pChainContext=0x9e2d60) returned 0x9e2d60 [0302.592] CertDuplicateCertificateContext (pCertContext=0x9b87c0) returned 0x9b87c0 [0302.593] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.593] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.593] CertFreeCertificateChain (pChainContext=0x9e2d60) [0302.594] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2d60, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.594] SetLastError (dwErrCode=0x0) [0302.594] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2d60, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.594] CertFreeCertificateChain (pChainContext=0x9e2d60) [0302.594] CertFreeCRLContext (pCrlContext=0x9b87c0) returned 1 [0302.595] EncryptMessage (in: phContext=0x32a45f4, fQOP=0x0, pMessage=0x32a6320, MessageSeqNo=0x0 | out: pMessage=0x32a6320) returned 0x0 [0302.595] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0302.595] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x32a4b20*), (len=0x4f, buf=0x32a623c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.595] CoTaskMemFree (pv=0x9f3a80) [0302.595] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.596] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.622] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.622] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32a649c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a649c, pfQOP=0x0) returned 0x0 [0302.623] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.623] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.623] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.623] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32a7f30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a7f30, pfQOP=0x0) returned 0x0 [0302.624] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.624] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.624] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32a8d40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a8d40, pfQOP=0x0) returned 0x0 [0302.624] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.624] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.624] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32a9f7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32a9f7c, pfQOP=0x0) returned 0x0 [0302.625] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.625] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.625] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32aa090, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32aa090, pfQOP=0x0) returned 0x0 [0302.625] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.625] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.625] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32ac3f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ac3f4, pfQOP=0x0) returned 0x0 [0302.626] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.626] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.626] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32ac508, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ac508, pfQOP=0x0) returned 0x0 [0302.626] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.626] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.626] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32ac61c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ac61c, pfQOP=0x0) returned 0x0 [0302.627] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.627] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.627] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32b0bb8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b0bb8, pfQOP=0x0) returned 0x0 [0302.627] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.627] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.627] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32b0ccc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b0ccc, pfQOP=0x0) returned 0x0 [0302.628] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.628] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.628] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32b0dec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b0dec, pfQOP=0x0) returned 0x0 [0302.628] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.628] recv (in: s=0x74c, buf=0x2fbd231, len=1393, flags=0 | out: buf=0x2fbd231*) returned 1393 [0302.628] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32b0f00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b0f00, pfQOP=0x0) returned 0x0 [0302.629] recv (in: s=0x74c, buf=0x2fbd22c, len=5, flags=0 | out: buf=0x2fbd22c*) returned 5 [0302.629] recv (in: s=0x74c, buf=0x2fbd231, len=50, flags=0 | out: buf=0x2fbd231*) returned 50 [0302.629] DecryptMessage (in: phContext=0x32a45f4, pMessage=0x32b1014, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b1014, pfQOP=0x0) returned 0x0 [0302.629] SetEvent (hEvent=0x4a8) returned 1 [0302.629] QueryContextAttributesW (in: phContext=0x32a45f4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.630] DeleteSecurityContext (phContext=0x32a45f4) returned 0x0 [0302.630] shutdown (s=0x74c, how=2) returned 0 [0302.630] closesocket (s=0x74c) returned 0 [0302.635] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744038838924) returned 1 [0302.635] SetEvent (hEvent=0x4a8) returned 1 [0302.637] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.638] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.638] WSAConnect (in: s=0x74c, name=0x32b43d8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.648] closesocket (s=0x45c) returned 0 [0302.649] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32b444c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32b492c, pOutput=0x32b48c4, pfContextAttr=0x32b47dc, ptsExpiry=0x73ed80 | out: phNewContext=0x32b492c, pOutput=0x32b48c4, pfContextAttr=0x32b47dc, ptsExpiry=0x73ed80) returned 0x90312 [0302.650] FreeContextBuffer (in: pvContextBuffer=0x5726138 | out: pvContextBuffer=0x5726138) returned 0x0 [0302.650] send (s=0x74c, buf=0x32b4940*, len=366, flags=0) returned 366 [0302.651] recv (in: s=0x74c, buf=0x32b4940, len=5, flags=0 | out: buf=0x32b4940*) returned 5 [0302.660] recv (in: s=0x74c, buf=0x32b4945, len=59, flags=0 | out: buf=0x32b4945*) returned 59 [0302.661] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32b444c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b4b34, Reserved2=0x0, phNewContext=0x32b492c, pOutput=0x32b4b48, pfContextAttr=0x32b47dc, ptsExpiry=0x73ecdc | out: phNewContext=0x32b492c, pOutput=0x32b4b48, pfContextAttr=0x32b47dc, ptsExpiry=0x73ecdc) returned 0x90312 [0302.661] recv (in: s=0x74c, buf=0x32b4bd8, len=5, flags=0 | out: buf=0x32b4bd8*) returned 5 [0302.661] recv (in: s=0x74c, buf=0x32b4bf1, len=1, flags=0 | out: buf=0x32b4bf1*) returned 1 [0302.661] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32b444c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b4c64, Reserved2=0x0, phNewContext=0x32b492c, pOutput=0x32b4c78, pfContextAttr=0x32b47dc, ptsExpiry=0x73ec3c | out: phNewContext=0x32b492c, pOutput=0x32b4c78, pfContextAttr=0x32b47dc, ptsExpiry=0x73ec3c) returned 0x90312 [0302.662] recv (in: s=0x74c, buf=0x32b4d08, len=5, flags=0 | out: buf=0x32b4d08*) returned 5 [0302.662] recv (in: s=0x74c, buf=0x32b4d2d, len=40, flags=0 | out: buf=0x32b4d2d*) returned 40 [0302.662] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32b444c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32b4dc8, Reserved2=0x0, phNewContext=0x32b492c, pOutput=0x32b4ddc, pfContextAttr=0x32b47dc, ptsExpiry=0x73eb9c | out: phNewContext=0x32b492c, pOutput=0x32b4ddc, pfContextAttr=0x32b47dc, ptsExpiry=0x73eb9c) returned 0x0 [0302.664] FreeContextBuffer (in: pvContextBuffer=0x9b8920 | out: pvContextBuffer=0x9b8920) returned 0x0 [0302.664] QueryContextAttributesW (in: phContext=0x32b492c, ulAttribute=0x4, pBuffer=0x32b4eac | out: pBuffer=0x32b4eac) returned 0x0 [0302.664] QueryContextAttributesW (in: phContext=0x32b492c, ulAttribute=0x5a, pBuffer=0x32b4ee8 | out: pBuffer=0x32b4ee8) returned 0x0 [0302.664] QueryContextAttributesW (in: phContext=0x32b492c, ulAttribute=0x53, pBuffer=0x32b4f34 | out: pBuffer=0x32b4f34) returned 0x0 [0302.664] CertDuplicateCertificateContext (pCertContext=0x9b8b80) returned 0x9b8b80 [0302.665] CertDuplicateStore (hCertStore=0x9bb680) returned 0x9bb680 [0302.665] CertEnumCertificatesInStore (hCertStore=0x9bb680, pPrevCertContext=0x0) returned 0x9b8860 [0302.665] CertDuplicateCertificateContext (pCertContext=0x9b8860) returned 0x9b8860 [0302.665] CertEnumCertificatesInStore (hCertStore=0x9bb680, pPrevCertContext=0x9b8860) returned 0x9b8b80 [0302.666] CertDuplicateCertificateContext (pCertContext=0x9b8b80) returned 0x9b8b80 [0302.666] CertEnumCertificatesInStore (hCertStore=0x9bb680, pPrevCertContext=0x9b8b80) returned 0x0 [0302.666] CertCloseStore (hCertStore=0x9bb680, dwFlags=0x0) returned 1 [0302.666] CertFreeCRLContext (pCrlContext=0x9b8b80) returned 1 [0302.667] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbf68 [0302.667] CertAddCRLLinkToStore (in: hCertStore=0x9bbf68, pCrlContext=0x9b8860, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.667] CertAddCRLLinkToStore (in: hCertStore=0x9bbf68, pCrlContext=0x9b8b80, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.668] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4d88 [0302.668] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8b80, pTime=0x73ebb0, hAdditionalStore=0x9bbf68, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.669] LocalFree (hMem=0x9d4d88) returned 0x0 [0302.669] CertDuplicateCertificateChain (pChainContext=0x9e36d8) returned 0x9e36d8 [0302.669] CertDuplicateCertificateContext (pCertContext=0x9b8b80) returned 0x9b8b80 [0302.670] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.670] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.670] CertFreeCertificateChain (pChainContext=0x9e36d8) [0302.670] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e36d8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.670] SetLastError (dwErrCode=0x0) [0302.671] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e36d8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.671] CertFreeCertificateChain (pChainContext=0x9e36d8) [0302.671] CertFreeCRLContext (pCrlContext=0x9b8b80) returned 1 [0302.672] EncryptMessage (in: phContext=0x32b492c, fQOP=0x0, pMessage=0x32b6658, MessageSeqNo=0x0 | out: pMessage=0x32b6658) returned 0x0 [0302.672] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0302.672] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32b4e58*), (len=0x4f, buf=0x32b6574*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.673] CoTaskMemFree (pv=0x9f39a8) [0302.673] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.673] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.754] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.754] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32b67d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b67d4, pfQOP=0x0) returned 0x0 [0302.755] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.755] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.755] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.755] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32b8268, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b8268, pfQOP=0x0) returned 0x0 [0302.756] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.756] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.756] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32b9078, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32b9078, pfQOP=0x0) returned 0x0 [0302.756] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.756] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.756] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32ba2b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ba2b4, pfQOP=0x0) returned 0x0 [0302.757] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.757] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.757] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32ba3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ba3c8, pfQOP=0x0) returned 0x0 [0302.757] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.757] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.757] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32bc72c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bc72c, pfQOP=0x0) returned 0x0 [0302.758] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.758] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.758] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32bc840, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bc840, pfQOP=0x0) returned 0x0 [0302.758] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.758] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.758] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32bc954, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32bc954, pfQOP=0x0) returned 0x0 [0302.759] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.759] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.759] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32c0ef0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c0ef0, pfQOP=0x0) returned 0x0 [0302.759] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.759] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.759] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32c1004, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c1004, pfQOP=0x0) returned 0x0 [0302.759] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.760] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.760] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32c1118, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c1118, pfQOP=0x0) returned 0x0 [0302.760] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.760] recv (in: s=0x74c, buf=0x2f82031, len=1393, flags=0 | out: buf=0x2f82031*) returned 1393 [0302.760] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32c122c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c122c, pfQOP=0x0) returned 0x0 [0302.760] recv (in: s=0x74c, buf=0x2f8202c, len=5, flags=0 | out: buf=0x2f8202c*) returned 5 [0302.760] recv (in: s=0x74c, buf=0x2f82031, len=51, flags=0 | out: buf=0x2f82031*) returned 51 [0302.761] DecryptMessage (in: phContext=0x32b492c, pMessage=0x32c1340, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c1340, pfQOP=0x0) returned 0x0 [0302.761] SetEvent (hEvent=0x4a8) returned 1 [0302.761] QueryContextAttributesW (in: phContext=0x32b492c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.761] DeleteSecurityContext (phContext=0x32b492c) returned 0x0 [0302.762] shutdown (s=0x74c, how=2) returned 0 [0302.762] closesocket (s=0x74c) returned 0 [0302.768] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744052063462) returned 1 [0302.768] SetEvent (hEvent=0x4a8) returned 1 [0302.770] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.770] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.773] WSAConnect (in: s=0x74c, name=0x32c4710*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.783] closesocket (s=0x45c) returned 0 [0302.784] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32c4784, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32c4c64, pOutput=0x32c4bfc, pfContextAttr=0x32c4b14, ptsExpiry=0x73ed80 | out: phNewContext=0x32c4c64, pOutput=0x32c4bfc, pfContextAttr=0x32c4b14, ptsExpiry=0x73ed80) returned 0x90312 [0302.784] FreeContextBuffer (in: pvContextBuffer=0x5725e28 | out: pvContextBuffer=0x5725e28) returned 0x0 [0302.785] send (s=0x74c, buf=0x32c4c78*, len=366, flags=0) returned 366 [0302.785] recv (in: s=0x74c, buf=0x32c4c78, len=5, flags=0 | out: buf=0x32c4c78*) returned 5 [0302.795] recv (in: s=0x74c, buf=0x32c4c7d, len=59, flags=0 | out: buf=0x32c4c7d*) returned 59 [0302.795] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32c4784, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c4e6c, Reserved2=0x0, phNewContext=0x32c4c64, pOutput=0x32c4e80, pfContextAttr=0x32c4b14, ptsExpiry=0x73ecdc | out: phNewContext=0x32c4c64, pOutput=0x32c4e80, pfContextAttr=0x32c4b14, ptsExpiry=0x73ecdc) returned 0x90312 [0302.795] recv (in: s=0x74c, buf=0x32c4f10, len=5, flags=0 | out: buf=0x32c4f10*) returned 5 [0302.795] recv (in: s=0x74c, buf=0x32c4f29, len=1, flags=0 | out: buf=0x32c4f29*) returned 1 [0302.796] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32c4784, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c4f9c, Reserved2=0x0, phNewContext=0x32c4c64, pOutput=0x32c4fb0, pfContextAttr=0x32c4b14, ptsExpiry=0x73ec3c | out: phNewContext=0x32c4c64, pOutput=0x32c4fb0, pfContextAttr=0x32c4b14, ptsExpiry=0x73ec3c) returned 0x90312 [0302.796] recv (in: s=0x74c, buf=0x32c5040, len=5, flags=0 | out: buf=0x32c5040*) returned 5 [0302.796] recv (in: s=0x74c, buf=0x32c5059, len=40, flags=0 | out: buf=0x32c5059*) returned 40 [0302.797] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32c4784, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32c50f4, Reserved2=0x0, phNewContext=0x32c4c64, pOutput=0x32c5108, pfContextAttr=0x32c4b14, ptsExpiry=0x73eb9c | out: phNewContext=0x32c4c64, pOutput=0x32c5108, pfContextAttr=0x32c4b14, ptsExpiry=0x73eb9c) returned 0x0 [0302.798] FreeContextBuffer (in: pvContextBuffer=0x9b8330 | out: pvContextBuffer=0x9b8330) returned 0x0 [0302.799] QueryContextAttributesW (in: phContext=0x32c4c64, ulAttribute=0x4, pBuffer=0x32c51d8 | out: pBuffer=0x32c51d8) returned 0x0 [0302.799] QueryContextAttributesW (in: phContext=0x32c4c64, ulAttribute=0x5a, pBuffer=0x32c5214 | out: pBuffer=0x32c5214) returned 0x0 [0302.799] QueryContextAttributesW (in: phContext=0x32c4c64, ulAttribute=0x53, pBuffer=0x32c5260 | out: pBuffer=0x32c5260) returned 0x0 [0302.799] CertDuplicateCertificateContext (pCertContext=0x9b8220) returned 0x9b8220 [0302.800] CertDuplicateStore (hCertStore=0x9bbe78) returned 0x9bbe78 [0302.800] CertEnumCertificatesInStore (hCertStore=0x9bbe78, pPrevCertContext=0x0) returned 0x9b8590 [0302.801] CertDuplicateCertificateContext (pCertContext=0x9b8590) returned 0x9b8590 [0302.801] CertEnumCertificatesInStore (hCertStore=0x9bbe78, pPrevCertContext=0x9b8590) returned 0x9b8220 [0302.801] CertDuplicateCertificateContext (pCertContext=0x9b8220) returned 0x9b8220 [0302.801] CertEnumCertificatesInStore (hCertStore=0x9bbe78, pPrevCertContext=0x9b8220) returned 0x0 [0302.801] CertCloseStore (hCertStore=0x9bbe78, dwFlags=0x0) returned 1 [0302.801] CertFreeCRLContext (pCrlContext=0x9b8220) returned 1 [0302.802] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbab8 [0302.802] CertAddCRLLinkToStore (in: hCertStore=0x9bbab8, pCrlContext=0x9b8590, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.803] CertAddCRLLinkToStore (in: hCertStore=0x9bbab8, pCrlContext=0x9b8220, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.803] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4d08 [0302.803] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8220, pTime=0x73ebb0, hAdditionalStore=0x9bbab8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.804] LocalFree (hMem=0x9d4d08) returned 0x0 [0302.804] CertDuplicateCertificateChain (pChainContext=0x9e1d98) returned 0x9e1d98 [0302.804] CertDuplicateCertificateContext (pCertContext=0x9b8220) returned 0x9b8220 [0302.805] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.805] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.805] CertFreeCertificateChain (pChainContext=0x9e1d98) [0302.806] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1d98, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.806] SetLastError (dwErrCode=0x0) [0302.806] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1d98, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.806] CertFreeCertificateChain (pChainContext=0x9e1d98) [0302.806] CertFreeCRLContext (pCrlContext=0x9b8220) returned 1 [0302.807] EncryptMessage (in: phContext=0x32c4c64, fQOP=0x0, pMessage=0x32c6990, MessageSeqNo=0x0 | out: pMessage=0x32c6990) returned 0x0 [0302.807] CoTaskMemAlloc (cb=0x10) returned 0x9f3ac8 [0302.807] WSASend (in: s=0x74c, lpBuffers=0x9f3ac8*=((len=0x33, buf=0x32c5184*), (len=0x4f, buf=0x32c68ac*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.807] CoTaskMemFree (pv=0x9f3ac8) [0302.808] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.808] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.823] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.823] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32c6b0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c6b0c, pfQOP=0x0) returned 0x0 [0302.824] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.824] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.824] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.824] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32c85a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c85a0, pfQOP=0x0) returned 0x0 [0302.825] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.825] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.825] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32c93a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32c93a4, pfQOP=0x0) returned 0x0 [0302.825] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.825] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.825] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32ca5ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ca5ec, pfQOP=0x0) returned 0x0 [0302.825] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.826] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.826] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32ca700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ca700, pfQOP=0x0) returned 0x0 [0302.826] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.826] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.826] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32cca64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32cca64, pfQOP=0x0) returned 0x0 [0302.826] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.827] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.827] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32ccb78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ccb78, pfQOP=0x0) returned 0x0 [0302.827] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.827] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.827] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32ccc8c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ccc8c, pfQOP=0x0) returned 0x0 [0302.827] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.828] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.828] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32d1228, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1228, pfQOP=0x0) returned 0x0 [0302.828] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.828] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.828] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32d133c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d133c, pfQOP=0x0) returned 0x0 [0302.828] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.829] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.829] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32d1450, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1450, pfQOP=0x0) returned 0x0 [0302.829] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.829] recv (in: s=0x74c, buf=0x2f8a0a1, len=1393, flags=0 | out: buf=0x2f8a0a1*) returned 1393 [0302.829] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32d1564, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1564, pfQOP=0x0) returned 0x0 [0302.829] recv (in: s=0x74c, buf=0x2f8a09c, len=5, flags=0 | out: buf=0x2f8a09c*) returned 5 [0302.829] recv (in: s=0x74c, buf=0x2f8a0a1, len=51, flags=0 | out: buf=0x2f8a0a1*) returned 51 [0302.829] DecryptMessage (in: phContext=0x32c4c64, pMessage=0x32d1678, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d1678, pfQOP=0x0) returned 0x0 [0302.830] SetEvent (hEvent=0x4a8) returned 1 [0302.830] QueryContextAttributesW (in: phContext=0x32c4c64, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.830] DeleteSecurityContext (phContext=0x32c4c64) returned 0x0 [0302.831] shutdown (s=0x74c, how=2) returned 0 [0302.832] closesocket (s=0x74c) returned 0 [0302.837] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744058984810) returned 1 [0302.837] SetEvent (hEvent=0x4a8) returned 1 [0302.838] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.839] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.840] WSAConnect (in: s=0x74c, name=0x32d4a5c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.850] closesocket (s=0x45c) returned 0 [0302.850] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32d4abc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32d4f9c, pOutput=0x32d4f34, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ed80 | out: phNewContext=0x32d4f9c, pOutput=0x32d4f34, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ed80) returned 0x90312 [0302.851] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0302.851] send (s=0x74c, buf=0x32d4fb0*, len=366, flags=0) returned 366 [0302.851] recv (in: s=0x74c, buf=0x32d4fb0, len=5, flags=0 | out: buf=0x32d4fb0*) returned 5 [0302.862] recv (in: s=0x74c, buf=0x32d4fb5, len=59, flags=0 | out: buf=0x32d4fb5*) returned 59 [0302.863] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32d4abc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d51a4, Reserved2=0x0, phNewContext=0x32d4f9c, pOutput=0x32d51b8, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ecdc | out: phNewContext=0x32d4f9c, pOutput=0x32d51b8, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ecdc) returned 0x90312 [0302.863] recv (in: s=0x74c, buf=0x32d5248, len=5, flags=0 | out: buf=0x32d5248*) returned 5 [0302.864] recv (in: s=0x74c, buf=0x32d5261, len=1, flags=0 | out: buf=0x32d5261*) returned 1 [0302.864] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32d4abc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d52d4, Reserved2=0x0, phNewContext=0x32d4f9c, pOutput=0x32d52e8, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ec3c | out: phNewContext=0x32d4f9c, pOutput=0x32d52e8, pfContextAttr=0x32d4e4c, ptsExpiry=0x73ec3c) returned 0x90312 [0302.864] recv (in: s=0x74c, buf=0x32d5378, len=5, flags=0 | out: buf=0x32d5378*) returned 5 [0302.864] recv (in: s=0x74c, buf=0x32d5391, len=40, flags=0 | out: buf=0x32d5391*) returned 40 [0302.865] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32d4abc, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32d542c, Reserved2=0x0, phNewContext=0x32d4f9c, pOutput=0x32d5440, pfContextAttr=0x32d4e4c, ptsExpiry=0x73eb9c | out: phNewContext=0x32d4f9c, pOutput=0x32d5440, pfContextAttr=0x32d4e4c, ptsExpiry=0x73eb9c) returned 0x0 [0302.866] FreeContextBuffer (in: pvContextBuffer=0x9b88d0 | out: pvContextBuffer=0x9b88d0) returned 0x0 [0302.866] QueryContextAttributesW (in: phContext=0x32d4f9c, ulAttribute=0x4, pBuffer=0x32d5510 | out: pBuffer=0x32d5510) returned 0x0 [0302.866] QueryContextAttributesW (in: phContext=0x32d4f9c, ulAttribute=0x5a, pBuffer=0x32d554c | out: pBuffer=0x32d554c) returned 0x0 [0302.866] QueryContextAttributesW (in: phContext=0x32d4f9c, ulAttribute=0x53, pBuffer=0x32d5598 | out: pBuffer=0x32d5598) returned 0x0 [0302.867] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.867] CertDuplicateStore (hCertStore=0x9bc2b0) returned 0x9bc2b0 [0302.867] CertEnumCertificatesInStore (hCertStore=0x9bc2b0, pPrevCertContext=0x0) returned 0x9b8900 [0302.868] CertDuplicateCertificateContext (pCertContext=0x9b8900) returned 0x9b8900 [0302.868] CertEnumCertificatesInStore (hCertStore=0x9bc2b0, pPrevCertContext=0x9b8900) returned 0x9b8270 [0302.868] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.868] CertEnumCertificatesInStore (hCertStore=0x9bc2b0, pPrevCertContext=0x9b8270) returned 0x0 [0302.868] CertCloseStore (hCertStore=0x9bc2b0, dwFlags=0x0) returned 1 [0302.868] CertFreeCRLContext (pCrlContext=0x9b8270) returned 1 [0302.869] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbfe0 [0302.869] CertAddCRLLinkToStore (in: hCertStore=0x9bbfe0, pCrlContext=0x9b8900, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.869] CertAddCRLLinkToStore (in: hCertStore=0x9bbfe0, pCrlContext=0x9b8270, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.870] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4d68 [0302.870] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8270, pTime=0x73ebb0, hAdditionalStore=0x9bbfe0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.871] LocalFree (hMem=0x9d4d68) returned 0x0 [0302.871] CertDuplicateCertificateChain (pChainContext=0x9e36d8) returned 0x9e36d8 [0302.871] CertDuplicateCertificateContext (pCertContext=0x9b8270) returned 0x9b8270 [0302.872] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.872] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.872] CertFreeCertificateChain (pChainContext=0x9e36d8) [0302.872] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e36d8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.872] SetLastError (dwErrCode=0x0) [0302.873] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e36d8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.873] CertFreeCertificateChain (pChainContext=0x9e36d8) [0302.873] CertFreeCRLContext (pCrlContext=0x9b8270) returned 1 [0302.874] EncryptMessage (in: phContext=0x32d4f9c, fQOP=0x0, pMessage=0x32d6cc8, MessageSeqNo=0x0 | out: pMessage=0x32d6cc8) returned 0x0 [0302.874] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0302.874] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32d54bc*), (len=0x4f, buf=0x32d6be4*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.874] CoTaskMemFree (pv=0x9f39a8) [0302.874] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.875] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.941] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.941] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32d6e44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d6e44, pfQOP=0x0) returned 0x0 [0302.942] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0302.942] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.942] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.942] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32d88d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d88d8, pfQOP=0x0) returned 0x0 [0302.943] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.943] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.943] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32d96dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32d96dc, pfQOP=0x0) returned 0x0 [0302.943] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.943] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.943] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32da924, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32da924, pfQOP=0x0) returned 0x0 [0302.944] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.944] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.944] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32daa38, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32daa38, pfQOP=0x0) returned 0x0 [0302.944] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.944] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.944] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32dcd9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dcd9c, pfQOP=0x0) returned 0x0 [0302.944] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.945] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.945] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32dceb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dceb0, pfQOP=0x0) returned 0x0 [0302.945] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.945] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.945] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32dcfc4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32dcfc4, pfQOP=0x0) returned 0x0 [0302.945] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.946] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.946] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32e1560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1560, pfQOP=0x0) returned 0x0 [0302.946] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.946] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.946] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32e1674, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1674, pfQOP=0x0) returned 0x0 [0302.946] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.946] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.947] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32e1788, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e1788, pfQOP=0x0) returned 0x0 [0302.947] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.947] recv (in: s=0x74c, buf=0x2fd1349, len=1393, flags=0 | out: buf=0x2fd1349*) returned 1393 [0302.947] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32e189c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e189c, pfQOP=0x0) returned 0x0 [0302.947] recv (in: s=0x74c, buf=0x2fd1344, len=5, flags=0 | out: buf=0x2fd1344*) returned 5 [0302.947] recv (in: s=0x74c, buf=0x2fd1349, len=51, flags=0 | out: buf=0x2fd1349*) returned 51 [0302.947] DecryptMessage (in: phContext=0x32d4f9c, pMessage=0x32e19b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e19b0, pfQOP=0x0) returned 0x0 [0302.948] SetEvent (hEvent=0x4a8) returned 1 [0302.948] QueryContextAttributesW (in: phContext=0x32d4f9c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0302.948] DeleteSecurityContext (phContext=0x32d4f9c) returned 0x0 [0302.949] shutdown (s=0x74c, how=2) returned 0 [0302.949] closesocket (s=0x74c) returned 0 [0302.956] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744070880155) returned 1 [0302.956] SetEvent (hEvent=0x4a8) returned 1 [0302.958] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0302.959] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0302.959] WSAConnect (in: s=0x74c, name=0x32e4d94*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0302.969] closesocket (s=0x45c) returned 0 [0302.970] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32e4df4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32e52d4, pOutput=0x32e526c, pfContextAttr=0x32e5184, ptsExpiry=0x73ed80 | out: phNewContext=0x32e52d4, pOutput=0x32e526c, pfContextAttr=0x32e5184, ptsExpiry=0x73ed80) returned 0x90312 [0302.971] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0302.971] send (s=0x74c, buf=0x32e52e8*, len=366, flags=0) returned 366 [0302.971] recv (in: s=0x74c, buf=0x32e52e8, len=5, flags=0 | out: buf=0x32e52e8*) returned 5 [0302.980] recv (in: s=0x74c, buf=0x32e52ed, len=59, flags=0 | out: buf=0x32e52ed*) returned 59 [0302.980] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32e4df4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e54dc, Reserved2=0x0, phNewContext=0x32e52d4, pOutput=0x32e54f0, pfContextAttr=0x32e5184, ptsExpiry=0x73ecdc | out: phNewContext=0x32e52d4, pOutput=0x32e54f0, pfContextAttr=0x32e5184, ptsExpiry=0x73ecdc) returned 0x90312 [0302.981] recv (in: s=0x74c, buf=0x32e5580, len=5, flags=0 | out: buf=0x32e5580*) returned 5 [0302.981] recv (in: s=0x74c, buf=0x32e5599, len=1, flags=0 | out: buf=0x32e5599*) returned 1 [0302.981] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32e4df4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e560c, Reserved2=0x0, phNewContext=0x32e52d4, pOutput=0x32e5620, pfContextAttr=0x32e5184, ptsExpiry=0x73ec3c | out: phNewContext=0x32e52d4, pOutput=0x32e5620, pfContextAttr=0x32e5184, ptsExpiry=0x73ec3c) returned 0x90312 [0302.981] recv (in: s=0x74c, buf=0x32e56b0, len=5, flags=0 | out: buf=0x32e56b0*) returned 5 [0302.982] recv (in: s=0x74c, buf=0x32e56c9, len=40, flags=0 | out: buf=0x32e56c9*) returned 40 [0302.982] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32e4df4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32e5764, Reserved2=0x0, phNewContext=0x32e52d4, pOutput=0x32e5778, pfContextAttr=0x32e5184, ptsExpiry=0x73eb9c | out: phNewContext=0x32e52d4, pOutput=0x32e5778, pfContextAttr=0x32e5184, ptsExpiry=0x73eb9c) returned 0x0 [0302.983] FreeContextBuffer (in: pvContextBuffer=0x9b8970 | out: pvContextBuffer=0x9b8970) returned 0x0 [0302.983] QueryContextAttributesW (in: phContext=0x32e52d4, ulAttribute=0x4, pBuffer=0x32e5848 | out: pBuffer=0x32e5848) returned 0x0 [0302.983] QueryContextAttributesW (in: phContext=0x32e52d4, ulAttribute=0x5a, pBuffer=0x32e5884 | out: pBuffer=0x32e5884) returned 0x0 [0302.983] QueryContextAttributesW (in: phContext=0x32e52d4, ulAttribute=0x53, pBuffer=0x32e58d0 | out: pBuffer=0x32e58d0) returned 0x0 [0302.984] CertDuplicateCertificateContext (pCertContext=0x9b89a0) returned 0x9b89a0 [0302.984] CertDuplicateStore (hCertStore=0x9bbb30) returned 0x9bbb30 [0302.984] CertEnumCertificatesInStore (hCertStore=0x9bbb30, pPrevCertContext=0x0) returned 0x9b8450 [0302.985] CertDuplicateCertificateContext (pCertContext=0x9b8450) returned 0x9b8450 [0302.985] CertEnumCertificatesInStore (hCertStore=0x9bbb30, pPrevCertContext=0x9b8450) returned 0x9b89a0 [0302.985] CertDuplicateCertificateContext (pCertContext=0x9b89a0) returned 0x9b89a0 [0302.985] CertEnumCertificatesInStore (hCertStore=0x9bbb30, pPrevCertContext=0x9b89a0) returned 0x0 [0302.985] CertCloseStore (hCertStore=0x9bbb30, dwFlags=0x0) returned 1 [0302.985] CertFreeCRLContext (pCrlContext=0x9b89a0) returned 1 [0302.986] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbe00 [0302.986] CertAddCRLLinkToStore (in: hCertStore=0x9bbe00, pCrlContext=0x9b8450, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.987] CertAddCRLLinkToStore (in: hCertStore=0x9bbe00, pCrlContext=0x9b89a0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0302.987] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d4d48 [0302.988] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b89a0, pTime=0x73ebb0, hAdditionalStore=0x9bbe00, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0302.988] LocalFree (hMem=0x9d4d48) returned 0x0 [0302.988] CertDuplicateCertificateChain (pChainContext=0x9e3088) returned 0x9e3088 [0302.989] CertDuplicateCertificateContext (pCertContext=0x9b89a0) returned 0x9b89a0 [0302.989] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0302.990] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0302.990] CertFreeCertificateChain (pChainContext=0x9e3088) [0302.990] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e3088, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0302.990] SetLastError (dwErrCode=0x0) [0302.990] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e3088, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0302.991] CertFreeCertificateChain (pChainContext=0x9e3088) [0302.991] CertFreeCRLContext (pCrlContext=0x9b89a0) returned 1 [0302.991] EncryptMessage (in: phContext=0x32e52d4, fQOP=0x0, pMessage=0x32e7000, MessageSeqNo=0x0 | out: pMessage=0x32e7000) returned 0x0 [0302.992] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0302.992] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x32e57f4*), (len=0x4f, buf=0x32e6f1c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0302.992] CoTaskMemFree (pv=0x9f3948) [0302.992] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0302.992] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.017] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.017] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32e717c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e717c, pfQOP=0x0) returned 0x0 [0303.018] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.018] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.018] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.018] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32e8c10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e8c10, pfQOP=0x0) returned 0x0 [0303.018] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.018] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.019] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32e9a14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32e9a14, pfQOP=0x0) returned 0x0 [0303.019] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.020] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.020] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32eac5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32eac5c, pfQOP=0x0) returned 0x0 [0303.020] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.020] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.020] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32ead70, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ead70, pfQOP=0x0) returned 0x0 [0303.020] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.021] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.021] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32ed0d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed0d4, pfQOP=0x0) returned 0x0 [0303.021] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.021] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.021] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32ed1e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed1e8, pfQOP=0x0) returned 0x0 [0303.021] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.021] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.022] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32ed2fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32ed2fc, pfQOP=0x0) returned 0x0 [0303.022] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.022] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.022] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32f1898, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1898, pfQOP=0x0) returned 0x0 [0303.022] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.022] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.023] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32f19ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f19ac, pfQOP=0x0) returned 0x0 [0303.023] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.023] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.023] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32f1ac0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1ac0, pfQOP=0x0) returned 0x0 [0303.023] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.023] recv (in: s=0x74c, buf=0x2fc52a1, len=1393, flags=0 | out: buf=0x2fc52a1*) returned 1393 [0303.023] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32f1bd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1bd4, pfQOP=0x0) returned 0x0 [0303.023] recv (in: s=0x74c, buf=0x2fc529c, len=5, flags=0 | out: buf=0x2fc529c*) returned 5 [0303.024] recv (in: s=0x74c, buf=0x2fc52a1, len=51, flags=0 | out: buf=0x2fc52a1*) returned 51 [0303.024] DecryptMessage (in: phContext=0x32e52d4, pMessage=0x32f1ce8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f1ce8, pfQOP=0x0) returned 0x0 [0303.024] SetEvent (hEvent=0x4a8) returned 1 [0303.024] QueryContextAttributesW (in: phContext=0x32e52d4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.024] DeleteSecurityContext (phContext=0x32e52d4) returned 0x0 [0303.025] shutdown (s=0x74c, how=2) returned 0 [0303.026] closesocket (s=0x74c) returned 0 [0303.030] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744078340710) returned 1 [0303.030] SetEvent (hEvent=0x4a8) returned 1 [0303.032] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.033] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.033] WSAConnect (in: s=0x74c, name=0x32f50cc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.044] closesocket (s=0x45c) returned 0 [0303.044] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x32f512c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x32f560c, pOutput=0x32f55a4, pfContextAttr=0x32f54bc, ptsExpiry=0x73ed80 | out: phNewContext=0x32f560c, pOutput=0x32f55a4, pfContextAttr=0x32f54bc, ptsExpiry=0x73ed80) returned 0x90312 [0303.045] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0303.045] send (s=0x74c, buf=0x32f5620*, len=366, flags=0) returned 366 [0303.045] recv (in: s=0x74c, buf=0x32f5620, len=5, flags=0 | out: buf=0x32f5620*) returned 5 [0303.056] recv (in: s=0x74c, buf=0x32f5625, len=59, flags=0 | out: buf=0x32f5625*) returned 59 [0303.057] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x32f512c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f5814, Reserved2=0x0, phNewContext=0x32f560c, pOutput=0x32f5828, pfContextAttr=0x32f54bc, ptsExpiry=0x73ecdc | out: phNewContext=0x32f560c, pOutput=0x32f5828, pfContextAttr=0x32f54bc, ptsExpiry=0x73ecdc) returned 0x90312 [0303.057] recv (in: s=0x74c, buf=0x32f58b8, len=5, flags=0 | out: buf=0x32f58b8*) returned 5 [0303.057] recv (in: s=0x74c, buf=0x32f58d1, len=1, flags=0 | out: buf=0x32f58d1*) returned 1 [0303.057] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x32f512c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f5944, Reserved2=0x0, phNewContext=0x32f560c, pOutput=0x32f5958, pfContextAttr=0x32f54bc, ptsExpiry=0x73ec3c | out: phNewContext=0x32f560c, pOutput=0x32f5958, pfContextAttr=0x32f54bc, ptsExpiry=0x73ec3c) returned 0x90312 [0303.058] recv (in: s=0x74c, buf=0x32f59e8, len=5, flags=0 | out: buf=0x32f59e8*) returned 5 [0303.058] recv (in: s=0x74c, buf=0x32f5a01, len=40, flags=0 | out: buf=0x32f5a01*) returned 40 [0303.058] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x32f512c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x32f5a9c, Reserved2=0x0, phNewContext=0x32f560c, pOutput=0x32f5ab0, pfContextAttr=0x32f54bc, ptsExpiry=0x73eb9c | out: phNewContext=0x32f560c, pOutput=0x32f5ab0, pfContextAttr=0x32f54bc, ptsExpiry=0x73eb9c) returned 0x0 [0303.059] FreeContextBuffer (in: pvContextBuffer=0x9b8600 | out: pvContextBuffer=0x9b8600) returned 0x0 [0303.059] QueryContextAttributesW (in: phContext=0x32f560c, ulAttribute=0x4, pBuffer=0x32f5b80 | out: pBuffer=0x32f5b80) returned 0x0 [0303.059] QueryContextAttributesW (in: phContext=0x32f560c, ulAttribute=0x5a, pBuffer=0x32f5bbc | out: pBuffer=0x32f5bbc) returned 0x0 [0303.060] QueryContextAttributesW (in: phContext=0x32f560c, ulAttribute=0x53, pBuffer=0x32f5c08 | out: pBuffer=0x32f5c08) returned 0x0 [0303.060] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0303.061] CertDuplicateStore (hCertStore=0x9bc238) returned 0x9bc238 [0303.061] CertEnumCertificatesInStore (hCertStore=0x9bc238, pPrevCertContext=0x0) returned 0x9b8b30 [0303.061] CertDuplicateCertificateContext (pCertContext=0x9b8b30) returned 0x9b8b30 [0303.061] CertEnumCertificatesInStore (hCertStore=0x9bc238, pPrevCertContext=0x9b8b30) returned 0x9b8ae0 [0303.062] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0303.062] CertEnumCertificatesInStore (hCertStore=0x9bc238, pPrevCertContext=0x9b8ae0) returned 0x0 [0303.062] CertCloseStore (hCertStore=0x9bc238, dwFlags=0x0) returned 1 [0303.062] CertFreeCRLContext (pCrlContext=0x9b8ae0) returned 1 [0303.063] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc058 [0303.063] CertAddCRLLinkToStore (in: hCertStore=0x9bc058, pCrlContext=0x9b8b30, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.063] CertAddCRLLinkToStore (in: hCertStore=0x9bc058, pCrlContext=0x9b8ae0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.064] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5328 [0303.064] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8ae0, pTime=0x73ebb0, hAdditionalStore=0x9bc058, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.064] LocalFree (hMem=0x9d5328) returned 0x0 [0303.064] CertDuplicateCertificateChain (pChainContext=0x9e36d8) returned 0x9e36d8 [0303.065] CertDuplicateCertificateContext (pCertContext=0x9b8ae0) returned 0x9b8ae0 [0303.066] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.066] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.066] CertFreeCertificateChain (pChainContext=0x9e36d8) [0303.067] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e36d8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.067] SetLastError (dwErrCode=0x0) [0303.067] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e36d8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.067] CertFreeCertificateChain (pChainContext=0x9e36d8) [0303.068] CertFreeCRLContext (pCrlContext=0x9b8ae0) returned 1 [0303.068] EncryptMessage (in: phContext=0x32f560c, fQOP=0x0, pMessage=0x32f7338, MessageSeqNo=0x0 | out: pMessage=0x32f7338) returned 0x0 [0303.068] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0303.068] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x32f5b2c*), (len=0x4f, buf=0x32f7254*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.069] CoTaskMemFree (pv=0x9f39a8) [0303.069] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.069] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.108] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.108] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32f74b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f74b4, pfQOP=0x0) returned 0x0 [0303.109] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.109] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.109] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.109] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32f8f48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f8f48, pfQOP=0x0) returned 0x0 [0303.109] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.109] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.109] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32f9d4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32f9d4c, pfQOP=0x0) returned 0x0 [0303.110] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.110] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.110] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32faf94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32faf94, pfQOP=0x0) returned 0x0 [0303.110] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.110] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.110] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32fb0a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fb0a8, pfQOP=0x0) returned 0x0 [0303.110] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.111] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.111] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32fd40c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fd40c, pfQOP=0x0) returned 0x0 [0303.111] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.111] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.111] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32fd520, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fd520, pfQOP=0x0) returned 0x0 [0303.111] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.111] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.112] DecryptMessage (in: phContext=0x32f560c, pMessage=0x32fd634, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x32fd634, pfQOP=0x0) returned 0x0 [0303.112] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.112] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.112] DecryptMessage (in: phContext=0x32f560c, pMessage=0x3301bd0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3301bd0, pfQOP=0x0) returned 0x0 [0303.113] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.113] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.113] DecryptMessage (in: phContext=0x32f560c, pMessage=0x3301ce4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3301ce4, pfQOP=0x0) returned 0x0 [0303.113] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.113] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.113] DecryptMessage (in: phContext=0x32f560c, pMessage=0x3301df8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3301df8, pfQOP=0x0) returned 0x0 [0303.113] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.114] recv (in: s=0x74c, buf=0x2fd93b9, len=1393, flags=0 | out: buf=0x2fd93b9*) returned 1393 [0303.114] DecryptMessage (in: phContext=0x32f560c, pMessage=0x3301f0c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3301f0c, pfQOP=0x0) returned 0x0 [0303.114] recv (in: s=0x74c, buf=0x2fd93b4, len=5, flags=0 | out: buf=0x2fd93b4*) returned 5 [0303.114] recv (in: s=0x74c, buf=0x2fd93b9, len=49, flags=0 | out: buf=0x2fd93b9*) returned 49 [0303.114] DecryptMessage (in: phContext=0x32f560c, pMessage=0x3302020, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3302020, pfQOP=0x0) returned 0x0 [0303.114] SetEvent (hEvent=0x4a8) returned 1 [0303.114] QueryContextAttributesW (in: phContext=0x32f560c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.115] DeleteSecurityContext (phContext=0x32f560c) returned 0x0 [0303.115] shutdown (s=0x74c, how=2) returned 0 [0303.116] closesocket (s=0x74c) returned 0 [0303.122] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744087552835) returned 1 [0303.123] SetEvent (hEvent=0x4a8) returned 1 [0303.124] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.125] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.125] WSAConnect (in: s=0x74c, name=0x33053f0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.135] closesocket (s=0x45c) returned 0 [0303.136] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3305464, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3305944, pOutput=0x33058dc, pfContextAttr=0x33057f4, ptsExpiry=0x73ed80 | out: phNewContext=0x3305944, pOutput=0x33058dc, pfContextAttr=0x33057f4, ptsExpiry=0x73ed80) returned 0x90312 [0303.136] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0303.137] send (s=0x74c, buf=0x3305958*, len=366, flags=0) returned 366 [0303.137] recv (in: s=0x74c, buf=0x3305958, len=5, flags=0 | out: buf=0x3305958*) returned 5 [0303.147] recv (in: s=0x74c, buf=0x330595d, len=59, flags=0 | out: buf=0x330595d*) returned 59 [0303.148] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3305464, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3305b4c, Reserved2=0x0, phNewContext=0x3305944, pOutput=0x3305b60, pfContextAttr=0x33057f4, ptsExpiry=0x73ecdc | out: phNewContext=0x3305944, pOutput=0x3305b60, pfContextAttr=0x33057f4, ptsExpiry=0x73ecdc) returned 0x90312 [0303.148] recv (in: s=0x74c, buf=0x3305bf0, len=5, flags=0 | out: buf=0x3305bf0*) returned 5 [0303.148] recv (in: s=0x74c, buf=0x3305c09, len=1, flags=0 | out: buf=0x3305c09*) returned 1 [0303.149] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3305464, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3305c7c, Reserved2=0x0, phNewContext=0x3305944, pOutput=0x3305c90, pfContextAttr=0x33057f4, ptsExpiry=0x73ec3c | out: phNewContext=0x3305944, pOutput=0x3305c90, pfContextAttr=0x33057f4, ptsExpiry=0x73ec3c) returned 0x90312 [0303.149] recv (in: s=0x74c, buf=0x3305d20, len=5, flags=0 | out: buf=0x3305d20*) returned 5 [0303.149] recv (in: s=0x74c, buf=0x3305d39, len=40, flags=0 | out: buf=0x3305d39*) returned 40 [0303.149] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3305464, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3305dd4, Reserved2=0x0, phNewContext=0x3305944, pOutput=0x3305de8, pfContextAttr=0x33057f4, ptsExpiry=0x73eb9c | out: phNewContext=0x3305944, pOutput=0x3305de8, pfContextAttr=0x33057f4, ptsExpiry=0x73eb9c) returned 0x0 [0303.150] FreeContextBuffer (in: pvContextBuffer=0x9b83d0 | out: pvContextBuffer=0x9b83d0) returned 0x0 [0303.151] QueryContextAttributesW (in: phContext=0x3305944, ulAttribute=0x4, pBuffer=0x3305eb8 | out: pBuffer=0x3305eb8) returned 0x0 [0303.151] QueryContextAttributesW (in: phContext=0x3305944, ulAttribute=0x5a, pBuffer=0x3305ef4 | out: pBuffer=0x3305ef4) returned 0x0 [0303.151] QueryContextAttributesW (in: phContext=0x3305944, ulAttribute=0x53, pBuffer=0x3305f40 | out: pBuffer=0x3305f40) returned 0x0 [0303.151] CertDuplicateCertificateContext (pCertContext=0x9b8400) returned 0x9b8400 [0303.152] CertDuplicateStore (hCertStore=0x9bbba8) returned 0x9bbba8 [0303.152] CertEnumCertificatesInStore (hCertStore=0x9bbba8, pPrevCertContext=0x0) returned 0x9b84a0 [0303.152] CertDuplicateCertificateContext (pCertContext=0x9b84a0) returned 0x9b84a0 [0303.152] CertEnumCertificatesInStore (hCertStore=0x9bbba8, pPrevCertContext=0x9b84a0) returned 0x9b8400 [0303.153] CertDuplicateCertificateContext (pCertContext=0x9b8400) returned 0x9b8400 [0303.153] CertEnumCertificatesInStore (hCertStore=0x9bbba8, pPrevCertContext=0x9b8400) returned 0x0 [0303.153] CertCloseStore (hCertStore=0x9bbba8, dwFlags=0x0) returned 1 [0303.153] CertFreeCRLContext (pCrlContext=0x9b8400) returned 1 [0303.154] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbc20 [0303.154] CertAddCRLLinkToStore (in: hCertStore=0x9bbc20, pCrlContext=0x9b84a0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.154] CertAddCRLLinkToStore (in: hCertStore=0x9bbc20, pCrlContext=0x9b8400, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.155] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5288 [0303.155] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8400, pTime=0x73ebb0, hAdditionalStore=0x9bbc20, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.155] LocalFree (hMem=0x9d5288) returned 0x0 [0303.156] CertDuplicateCertificateChain (pChainContext=0x9e2710) returned 0x9e2710 [0303.156] CertDuplicateCertificateContext (pCertContext=0x9b8400) returned 0x9b8400 [0303.157] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.157] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.157] CertFreeCertificateChain (pChainContext=0x9e2710) [0303.157] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2710, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.157] SetLastError (dwErrCode=0x0) [0303.157] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2710, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.158] CertFreeCertificateChain (pChainContext=0x9e2710) [0303.158] CertFreeCRLContext (pCrlContext=0x9b8400) returned 1 [0303.158] EncryptMessage (in: phContext=0x3305944, fQOP=0x0, pMessage=0x3307670, MessageSeqNo=0x0 | out: pMessage=0x3307670) returned 0x0 [0303.158] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0303.159] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x3305e64*), (len=0x4f, buf=0x330758c*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.319] CoTaskMemFree (pv=0x9f3948) [0303.319] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.319] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.320] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.320] DecryptMessage (in: phContext=0x3305944, pMessage=0x33077ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33077ec, pfQOP=0x0) returned 0x0 [0303.322] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.322] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.322] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.322] DecryptMessage (in: phContext=0x3305944, pMessage=0x3309280, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3309280, pfQOP=0x0) returned 0x0 [0303.322] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.323] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.323] DecryptMessage (in: phContext=0x3305944, pMessage=0x330a084, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330a084, pfQOP=0x0) returned 0x0 [0303.323] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.324] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.324] DecryptMessage (in: phContext=0x3305944, pMessage=0x330b2cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330b2cc, pfQOP=0x0) returned 0x0 [0303.324] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.324] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.324] DecryptMessage (in: phContext=0x3305944, pMessage=0x330b3e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330b3e0, pfQOP=0x0) returned 0x0 [0303.325] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.325] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.325] DecryptMessage (in: phContext=0x3305944, pMessage=0x330d744, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330d744, pfQOP=0x0) returned 0x0 [0303.325] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.325] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.326] DecryptMessage (in: phContext=0x3305944, pMessage=0x330d858, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330d858, pfQOP=0x0) returned 0x0 [0303.326] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.326] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.326] DecryptMessage (in: phContext=0x3305944, pMessage=0x330d96c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x330d96c, pfQOP=0x0) returned 0x0 [0303.327] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.327] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.327] DecryptMessage (in: phContext=0x3305944, pMessage=0x3311f08, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3311f08, pfQOP=0x0) returned 0x0 [0303.327] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.327] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.328] DecryptMessage (in: phContext=0x3305944, pMessage=0x331201c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331201c, pfQOP=0x0) returned 0x0 [0303.328] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.328] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.328] DecryptMessage (in: phContext=0x3305944, pMessage=0x3312130, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312130, pfQOP=0x0) returned 0x0 [0303.328] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.329] recv (in: s=0x74c, buf=0x2fd5381, len=1393, flags=0 | out: buf=0x2fd5381*) returned 1393 [0303.329] DecryptMessage (in: phContext=0x3305944, pMessage=0x3312244, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312244, pfQOP=0x0) returned 0x0 [0303.329] recv (in: s=0x74c, buf=0x2fd537c, len=5, flags=0 | out: buf=0x2fd537c*) returned 5 [0303.329] recv (in: s=0x74c, buf=0x2fd5381, len=51, flags=0 | out: buf=0x2fd5381*) returned 51 [0303.329] DecryptMessage (in: phContext=0x3305944, pMessage=0x3312358, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3312358, pfQOP=0x0) returned 0x0 [0303.330] SetEvent (hEvent=0x4a8) returned 1 [0303.331] QueryContextAttributesW (in: phContext=0x3305944, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.336] DeleteSecurityContext (phContext=0x3305944) returned 0x0 [0303.337] shutdown (s=0x74c, how=2) returned 0 [0303.338] closesocket (s=0x74c) returned 0 [0303.346] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744109910956) returned 1 [0303.346] SetEvent (hEvent=0x4a8) returned 1 [0303.351] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.353] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.353] WSAConnect (in: s=0x74c, name=0x331573c*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.368] closesocket (s=0x45c) returned 0 [0303.369] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x331579c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3315c7c, pOutput=0x3315c14, pfContextAttr=0x3315b2c, ptsExpiry=0x73ed80 | out: phNewContext=0x3315c7c, pOutput=0x3315c14, pfContextAttr=0x3315b2c, ptsExpiry=0x73ed80) returned 0x90312 [0303.370] FreeContextBuffer (in: pvContextBuffer=0x57262c0 | out: pvContextBuffer=0x57262c0) returned 0x0 [0303.370] send (s=0x74c, buf=0x3315c90*, len=366, flags=0) returned 366 [0303.371] recv (in: s=0x74c, buf=0x3315c90, len=5, flags=0 | out: buf=0x3315c90*) returned 5 [0303.383] recv (in: s=0x74c, buf=0x3315c95, len=59, flags=0 | out: buf=0x3315c95*) returned 59 [0303.383] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x331579c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3315e84, Reserved2=0x0, phNewContext=0x3315c7c, pOutput=0x3315e98, pfContextAttr=0x3315b2c, ptsExpiry=0x73ecdc | out: phNewContext=0x3315c7c, pOutput=0x3315e98, pfContextAttr=0x3315b2c, ptsExpiry=0x73ecdc) returned 0x90312 [0303.384] recv (in: s=0x74c, buf=0x3315f28, len=5, flags=0 | out: buf=0x3315f28*) returned 5 [0303.384] recv (in: s=0x74c, buf=0x3315f41, len=1, flags=0 | out: buf=0x3315f41*) returned 1 [0303.384] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x331579c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3315fb4, Reserved2=0x0, phNewContext=0x3315c7c, pOutput=0x3315fc8, pfContextAttr=0x3315b2c, ptsExpiry=0x73ec3c | out: phNewContext=0x3315c7c, pOutput=0x3315fc8, pfContextAttr=0x3315b2c, ptsExpiry=0x73ec3c) returned 0x90312 [0303.385] recv (in: s=0x74c, buf=0x3316058, len=5, flags=0 | out: buf=0x3316058*) returned 5 [0303.385] recv (in: s=0x74c, buf=0x3316071, len=40, flags=0 | out: buf=0x3316071*) returned 40 [0303.385] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x331579c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x331610c, Reserved2=0x0, phNewContext=0x3315c7c, pOutput=0x3316120, pfContextAttr=0x3315b2c, ptsExpiry=0x73eb9c | out: phNewContext=0x3315c7c, pOutput=0x3316120, pfContextAttr=0x3315b2c, ptsExpiry=0x73eb9c) returned 0x0 [0303.387] FreeContextBuffer (in: pvContextBuffer=0x9b8600 | out: pvContextBuffer=0x9b8600) returned 0x0 [0303.387] QueryContextAttributesW (in: phContext=0x3315c7c, ulAttribute=0x4, pBuffer=0x33161f0 | out: pBuffer=0x33161f0) returned 0x0 [0303.387] QueryContextAttributesW (in: phContext=0x3315c7c, ulAttribute=0x5a, pBuffer=0x331622c | out: pBuffer=0x331622c) returned 0x0 [0303.388] QueryContextAttributesW (in: phContext=0x3315c7c, ulAttribute=0x53, pBuffer=0x3316278 | out: pBuffer=0x3316278) returned 0x0 [0303.388] CertDuplicateCertificateContext (pCertContext=0x9b8630) returned 0x9b8630 [0303.389] CertDuplicateStore (hCertStore=0x9bb7e8) returned 0x9bb7e8 [0303.389] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x0) returned 0x9b8680 [0303.389] CertDuplicateCertificateContext (pCertContext=0x9b8680) returned 0x9b8680 [0303.389] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x9b8680) returned 0x9b8630 [0303.390] CertDuplicateCertificateContext (pCertContext=0x9b8630) returned 0x9b8630 [0303.390] CertEnumCertificatesInStore (hCertStore=0x9bb7e8, pPrevCertContext=0x9b8630) returned 0x0 [0303.390] CertCloseStore (hCertStore=0x9bb7e8, dwFlags=0x0) returned 1 [0303.390] CertFreeCRLContext (pCrlContext=0x9b8630) returned 1 [0303.391] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bba40 [0303.391] CertAddCRLLinkToStore (in: hCertStore=0x9bba40, pCrlContext=0x9b8680, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.391] CertAddCRLLinkToStore (in: hCertStore=0x9bba40, pCrlContext=0x9b8630, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.392] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5328 [0303.392] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8630, pTime=0x73ebb0, hAdditionalStore=0x9bba40, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.392] LocalFree (hMem=0x9d5328) returned 0x0 [0303.393] CertDuplicateCertificateChain (pChainContext=0x9e36d8) returned 0x9e36d8 [0303.393] CertDuplicateCertificateContext (pCertContext=0x9b8630) returned 0x9b8630 [0303.404] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.406] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.407] CertFreeCertificateChain (pChainContext=0x9e36d8) [0303.407] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e36d8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.407] SetLastError (dwErrCode=0x0) [0303.407] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e36d8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.407] CertFreeCertificateChain (pChainContext=0x9e36d8) [0303.407] CertFreeCRLContext (pCrlContext=0x9b8630) returned 1 [0303.408] EncryptMessage (in: phContext=0x3315c7c, fQOP=0x0, pMessage=0x33179a8, MessageSeqNo=0x0 | out: pMessage=0x33179a8) returned 0x0 [0303.408] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0303.408] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x331619c*), (len=0x4f, buf=0x33178c4*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.409] CoTaskMemFree (pv=0x9f39a8) [0303.409] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.409] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.428] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.428] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x3317b24, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3317b24, pfQOP=0x0) returned 0x0 [0303.429] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.429] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.429] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.429] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x33195ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33195ac, pfQOP=0x0) returned 0x0 [0303.429] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.430] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.430] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331a3bc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331a3bc, pfQOP=0x0) returned 0x0 [0303.430] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.430] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.430] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331b5f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331b5f8, pfQOP=0x0) returned 0x0 [0303.431] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.431] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.431] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331b718, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331b718, pfQOP=0x0) returned 0x0 [0303.431] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.431] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.431] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331da7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331da7c, pfQOP=0x0) returned 0x0 [0303.432] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.432] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.432] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331db90, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331db90, pfQOP=0x0) returned 0x0 [0303.432] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.432] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.432] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x331dca4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x331dca4, pfQOP=0x0) returned 0x0 [0303.433] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.433] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.433] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x3322240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322240, pfQOP=0x0) returned 0x0 [0303.433] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.433] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.433] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x3322354, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322354, pfQOP=0x0) returned 0x0 [0303.433] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.433] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.434] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x3322468, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322468, pfQOP=0x0) returned 0x0 [0303.434] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.434] recv (in: s=0x74c, buf=0x2fc92d9, len=1393, flags=0 | out: buf=0x2fc92d9*) returned 1393 [0303.434] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x332257c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332257c, pfQOP=0x0) returned 0x0 [0303.434] recv (in: s=0x74c, buf=0x2fc92d4, len=5, flags=0 | out: buf=0x2fc92d4*) returned 5 [0303.434] recv (in: s=0x74c, buf=0x2fc92d9, len=29, flags=0 | out: buf=0x2fc92d9*) returned 29 [0303.434] DecryptMessage (in: phContext=0x3315c7c, pMessage=0x3322690, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3322690, pfQOP=0x0) returned 0x0 [0303.435] SetEvent (hEvent=0x4a8) returned 1 [0303.435] QueryContextAttributesW (in: phContext=0x3315c7c, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.435] DeleteSecurityContext (phContext=0x3315c7c) returned 0x0 [0303.436] shutdown (s=0x74c, how=2) returned 0 [0303.438] closesocket (s=0x74c) returned 0 [0303.443] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744119626928) returned 1 [0303.443] SetEvent (hEvent=0x4a8) returned 1 [0303.445] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.446] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.446] WSAConnect (in: s=0x74c, name=0x3325a54*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.461] closesocket (s=0x45c) returned 0 [0303.462] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3325ac8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3325fb4, pOutput=0x3325f4c, pfContextAttr=0x3325e64, ptsExpiry=0x73ed80 | out: phNewContext=0x3325fb4, pOutput=0x3325f4c, pfContextAttr=0x3325e64, ptsExpiry=0x73ed80) returned 0x90312 [0303.462] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0303.462] send (s=0x74c, buf=0x3325fc8*, len=366, flags=0) returned 366 [0303.463] recv (in: s=0x74c, buf=0x3325fc8, len=5, flags=0 | out: buf=0x3325fc8*) returned 5 [0303.474] recv (in: s=0x74c, buf=0x3325fcd, len=59, flags=0 | out: buf=0x3325fcd*) returned 59 [0303.474] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3325ac8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33261bc, Reserved2=0x0, phNewContext=0x3325fb4, pOutput=0x33261d0, pfContextAttr=0x3325e64, ptsExpiry=0x73ecdc | out: phNewContext=0x3325fb4, pOutput=0x33261d0, pfContextAttr=0x3325e64, ptsExpiry=0x73ecdc) returned 0x90312 [0303.475] recv (in: s=0x74c, buf=0x3326260, len=5, flags=0 | out: buf=0x3326260*) returned 5 [0303.475] recv (in: s=0x74c, buf=0x3326279, len=1, flags=0 | out: buf=0x3326279*) returned 1 [0303.475] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3325ac8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33262ec, Reserved2=0x0, phNewContext=0x3325fb4, pOutput=0x3326300, pfContextAttr=0x3325e64, ptsExpiry=0x73ec3c | out: phNewContext=0x3325fb4, pOutput=0x3326300, pfContextAttr=0x3325e64, ptsExpiry=0x73ec3c) returned 0x90312 [0303.475] recv (in: s=0x74c, buf=0x3326390, len=5, flags=0 | out: buf=0x3326390*) returned 5 [0303.475] recv (in: s=0x74c, buf=0x33263a9, len=40, flags=0 | out: buf=0x33263a9*) returned 40 [0303.476] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3325ac8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3326444, Reserved2=0x0, phNewContext=0x3325fb4, pOutput=0x3326458, pfContextAttr=0x3325e64, ptsExpiry=0x73eb9c | out: phNewContext=0x3325fb4, pOutput=0x3326458, pfContextAttr=0x3325e64, ptsExpiry=0x73eb9c) returned 0x0 [0303.477] FreeContextBuffer (in: pvContextBuffer=0x9b8fb0 | out: pvContextBuffer=0x9b8fb0) returned 0x0 [0303.477] QueryContextAttributesW (in: phContext=0x3325fb4, ulAttribute=0x4, pBuffer=0x3326528 | out: pBuffer=0x3326528) returned 0x0 [0303.477] QueryContextAttributesW (in: phContext=0x3325fb4, ulAttribute=0x5a, pBuffer=0x3326564 | out: pBuffer=0x3326564) returned 0x0 [0303.477] QueryContextAttributesW (in: phContext=0x3325fb4, ulAttribute=0x53, pBuffer=0x33265b0 | out: pBuffer=0x33265b0) returned 0x0 [0303.478] CertDuplicateCertificateContext (pCertContext=0x9b8db0) returned 0x9b8db0 [0303.478] CertDuplicateStore (hCertStore=0x9bb9c8) returned 0x9bb9c8 [0303.478] CertEnumCertificatesInStore (hCertStore=0x9bb9c8, pPrevCertContext=0x0) returned 0x9b8f90 [0303.479] CertDuplicateCertificateContext (pCertContext=0x9b8f90) returned 0x9b8f90 [0303.479] CertEnumCertificatesInStore (hCertStore=0x9bb9c8, pPrevCertContext=0x9b8f90) returned 0x9b8db0 [0303.479] CertDuplicateCertificateContext (pCertContext=0x9b8db0) returned 0x9b8db0 [0303.479] CertEnumCertificatesInStore (hCertStore=0x9bb9c8, pPrevCertContext=0x9b8db0) returned 0x0 [0303.480] CertCloseStore (hCertStore=0x9bb9c8, dwFlags=0x0) returned 1 [0303.480] CertFreeCRLContext (pCrlContext=0x9b8db0) returned 1 [0303.480] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbd10 [0303.481] CertAddCRLLinkToStore (in: hCertStore=0x9bbd10, pCrlContext=0x9b8f90, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.481] CertAddCRLLinkToStore (in: hCertStore=0x9bbd10, pCrlContext=0x9b8db0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.481] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d5248 [0303.482] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8db0, pTime=0x73ebb0, hAdditionalStore=0x9bbd10, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.482] LocalFree (hMem=0x9d5248) returned 0x0 [0303.482] CertDuplicateCertificateChain (pChainContext=0x9e33b0) returned 0x9e33b0 [0303.483] CertDuplicateCertificateContext (pCertContext=0x9b8db0) returned 0x9b8db0 [0303.483] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.484] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.484] CertFreeCertificateChain (pChainContext=0x9e33b0) [0303.484] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e33b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.484] SetLastError (dwErrCode=0x0) [0303.484] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e33b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.484] CertFreeCertificateChain (pChainContext=0x9e33b0) [0303.484] CertFreeCRLContext (pCrlContext=0x9b8db0) returned 1 [0303.485] EncryptMessage (in: phContext=0x3325fb4, fQOP=0x0, pMessage=0x3327cd4, MessageSeqNo=0x0 | out: pMessage=0x3327cd4) returned 0x0 [0303.485] CoTaskMemAlloc (cb=0x10) returned 0x9f39a8 [0303.485] WSASend (in: s=0x74c, lpBuffers=0x9f39a8*=((len=0x33, buf=0x33264d4*), (len=0x4f, buf=0x3327bf0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.711] CoTaskMemFree (pv=0x9f39a8) [0303.711] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.711] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.712] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.712] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x3327e5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3327e5c, pfQOP=0x0) returned 0x0 [0303.712] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.712] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.712] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.713] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x33298e4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33298e4, pfQOP=0x0) returned 0x0 [0303.713] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.713] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.714] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332a6f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332a6f4, pfQOP=0x0) returned 0x0 [0303.714] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.714] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.714] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332b930, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332b930, pfQOP=0x0) returned 0x0 [0303.714] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.714] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.715] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332ba44, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332ba44, pfQOP=0x0) returned 0x0 [0303.715] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.715] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.715] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332dda8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332dda8, pfQOP=0x0) returned 0x0 [0303.716] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.716] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.716] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332debc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332debc, pfQOP=0x0) returned 0x0 [0303.716] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.716] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.717] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x332dfdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x332dfdc, pfQOP=0x0) returned 0x0 [0303.717] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.717] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.717] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x3332578, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3332578, pfQOP=0x0) returned 0x0 [0303.717] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.718] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.718] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x333268c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333268c, pfQOP=0x0) returned 0x0 [0303.718] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.718] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.718] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x33327a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33327a0, pfQOP=0x0) returned 0x0 [0303.718] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.719] recv (in: s=0x74c, buf=0x2fcd311, len=1393, flags=0 | out: buf=0x2fcd311*) returned 1393 [0303.719] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x33328b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33328b4, pfQOP=0x0) returned 0x0 [0303.719] recv (in: s=0x74c, buf=0x2fcd30c, len=5, flags=0 | out: buf=0x2fcd30c*) returned 5 [0303.719] recv (in: s=0x74c, buf=0x2fcd311, len=51, flags=0 | out: buf=0x2fcd311*) returned 51 [0303.719] DecryptMessage (in: phContext=0x3325fb4, pMessage=0x33329c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33329c8, pfQOP=0x0) returned 0x0 [0303.720] SetEvent (hEvent=0x4a8) returned 1 [0303.720] QueryContextAttributesW (in: phContext=0x3325fb4, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.721] DeleteSecurityContext (phContext=0x3325fb4) returned 0x0 [0303.721] shutdown (s=0x74c, how=2) returned 0 [0303.823] closesocket (s=0x74c) returned 0 [0303.832] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744158473058) returned 1 [0303.832] SetEvent (hEvent=0x4a8) returned 1 [0303.833] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.834] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.836] WSAConnect (in: s=0x74c, name=0x3335da0*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.845] closesocket (s=0x45c) returned 0 [0303.846] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3335e00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33362e0, pOutput=0x3336278, pfContextAttr=0x3336190, ptsExpiry=0x73ed80 | out: phNewContext=0x33362e0, pOutput=0x3336278, pfContextAttr=0x3336190, ptsExpiry=0x73ed80) returned 0x90312 [0303.849] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0303.849] send (s=0x74c, buf=0x3336300*, len=366, flags=0) returned 366 [0303.850] recv (in: s=0x74c, buf=0x3336300, len=5, flags=0 | out: buf=0x3336300*) returned 5 [0303.859] recv (in: s=0x74c, buf=0x3336305, len=59, flags=0 | out: buf=0x3336305*) returned 59 [0303.860] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3335e00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33364f4, Reserved2=0x0, phNewContext=0x33362e0, pOutput=0x3336508, pfContextAttr=0x3336190, ptsExpiry=0x73ecdc | out: phNewContext=0x33362e0, pOutput=0x3336508, pfContextAttr=0x3336190, ptsExpiry=0x73ecdc) returned 0x90312 [0303.860] recv (in: s=0x74c, buf=0x3336598, len=5, flags=0 | out: buf=0x3336598*) returned 5 [0303.860] recv (in: s=0x74c, buf=0x33365b1, len=1, flags=0 | out: buf=0x33365b1*) returned 1 [0303.860] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3335e00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3336624, Reserved2=0x0, phNewContext=0x33362e0, pOutput=0x3336638, pfContextAttr=0x3336190, ptsExpiry=0x73ec3c | out: phNewContext=0x33362e0, pOutput=0x3336638, pfContextAttr=0x3336190, ptsExpiry=0x73ec3c) returned 0x90312 [0303.861] recv (in: s=0x74c, buf=0x33366c8, len=5, flags=0 | out: buf=0x33366c8*) returned 5 [0303.861] recv (in: s=0x74c, buf=0x33366e1, len=40, flags=0 | out: buf=0x33366e1*) returned 40 [0303.861] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3335e00, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x333677c, Reserved2=0x0, phNewContext=0x33362e0, pOutput=0x3336790, pfContextAttr=0x3336190, ptsExpiry=0x73eb9c | out: phNewContext=0x33362e0, pOutput=0x3336790, pfContextAttr=0x3336190, ptsExpiry=0x73eb9c) returned 0x0 [0303.864] FreeContextBuffer (in: pvContextBuffer=0x9b8bf0 | out: pvContextBuffer=0x9b8bf0) returned 0x0 [0303.864] QueryContextAttributesW (in: phContext=0x33362e0, ulAttribute=0x4, pBuffer=0x3336860 | out: pBuffer=0x3336860) returned 0x0 [0303.864] QueryContextAttributesW (in: phContext=0x33362e0, ulAttribute=0x5a, pBuffer=0x333689c | out: pBuffer=0x333689c) returned 0x0 [0303.864] QueryContextAttributesW (in: phContext=0x33362e0, ulAttribute=0x53, pBuffer=0x33368e8 | out: pBuffer=0x33368e8) returned 0x0 [0303.864] CertDuplicateCertificateContext (pCertContext=0x9b9080) returned 0x9b9080 [0303.865] CertDuplicateStore (hCertStore=0x9bb950) returned 0x9bb950 [0303.865] CertEnumCertificatesInStore (hCertStore=0x9bb950, pPrevCertContext=0x0) returned 0x9b8ea0 [0303.865] CertDuplicateCertificateContext (pCertContext=0x9b8ea0) returned 0x9b8ea0 [0303.865] CertEnumCertificatesInStore (hCertStore=0x9bb950, pPrevCertContext=0x9b8ea0) returned 0x9b9080 [0303.866] CertDuplicateCertificateContext (pCertContext=0x9b9080) returned 0x9b9080 [0303.866] CertEnumCertificatesInStore (hCertStore=0x9bb950, pPrevCertContext=0x9b9080) returned 0x0 [0303.866] CertCloseStore (hCertStore=0x9bb950, dwFlags=0x0) returned 1 [0303.866] CertFreeCRLContext (pCrlContext=0x9b9080) returned 1 [0303.867] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bbd88 [0303.867] CertAddCRLLinkToStore (in: hCertStore=0x9bbd88, pCrlContext=0x9b8ea0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.867] CertAddCRLLinkToStore (in: hCertStore=0x9bbd88, pCrlContext=0x9b9080, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.868] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x9d50e8 [0303.868] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b9080, pTime=0x73ebb0, hAdditionalStore=0x9bbd88, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.868] LocalFree (hMem=0x9d50e8) returned 0x0 [0303.869] CertDuplicateCertificateChain (pChainContext=0x9e23e8) returned 0x9e23e8 [0303.869] CertDuplicateCertificateContext (pCertContext=0x9b9080) returned 0x9b9080 [0303.870] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.870] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.870] CertFreeCertificateChain (pChainContext=0x9e23e8) [0303.870] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e23e8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.870] SetLastError (dwErrCode=0x0) [0303.870] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e23e8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.871] CertFreeCertificateChain (pChainContext=0x9e23e8) [0303.871] CertFreeCRLContext (pCrlContext=0x9b9080) returned 1 [0303.871] EncryptMessage (in: phContext=0x33362e0, fQOP=0x0, pMessage=0x333800c, MessageSeqNo=0x0 | out: pMessage=0x333800c) returned 0x0 [0303.871] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0303.872] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x333680c*), (len=0x4f, buf=0x3337f28*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.872] CoTaskMemFree (pv=0x9f3948) [0303.872] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.872] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.897] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.897] DecryptMessage (in: phContext=0x33362e0, pMessage=0x3338188, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3338188, pfQOP=0x0) returned 0x0 [0303.898] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.898] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.898] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.898] DecryptMessage (in: phContext=0x33362e0, pMessage=0x3339c1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3339c1c, pfQOP=0x0) returned 0x0 [0303.899] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.899] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.899] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333aa2c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333aa2c, pfQOP=0x0) returned 0x0 [0303.899] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.900] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.900] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333bc68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333bc68, pfQOP=0x0) returned 0x0 [0303.900] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.900] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.900] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333bd7c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333bd7c, pfQOP=0x0) returned 0x0 [0303.901] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.901] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.901] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333e0e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333e0e0, pfQOP=0x0) returned 0x0 [0303.901] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.901] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.902] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333e1f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333e1f4, pfQOP=0x0) returned 0x0 [0303.902] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.902] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.902] DecryptMessage (in: phContext=0x33362e0, pMessage=0x333e308, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x333e308, pfQOP=0x0) returned 0x0 [0303.903] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.903] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.903] DecryptMessage (in: phContext=0x33362e0, pMessage=0x33428a4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33428a4, pfQOP=0x0) returned 0x0 [0303.903] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.903] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.903] DecryptMessage (in: phContext=0x33362e0, pMessage=0x33429b8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33429b8, pfQOP=0x0) returned 0x0 [0303.904] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.904] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.904] DecryptMessage (in: phContext=0x33362e0, pMessage=0x3342ad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3342ad8, pfQOP=0x0) returned 0x0 [0303.904] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.905] recv (in: s=0x74c, buf=0x2fb91f9, len=1393, flags=0 | out: buf=0x2fb91f9*) returned 1393 [0303.905] DecryptMessage (in: phContext=0x33362e0, pMessage=0x3342bec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3342bec, pfQOP=0x0) returned 0x0 [0303.905] recv (in: s=0x74c, buf=0x2fb91f4, len=5, flags=0 | out: buf=0x2fb91f4*) returned 5 [0303.905] recv (in: s=0x74c, buf=0x2fb91f9, len=29, flags=0 | out: buf=0x2fb91f9*) returned 29 [0303.905] DecryptMessage (in: phContext=0x33362e0, pMessage=0x3342d00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3342d00, pfQOP=0x0) returned 0x0 [0303.905] SetEvent (hEvent=0x4a8) returned 1 [0303.906] QueryContextAttributesW (in: phContext=0x33362e0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.906] DeleteSecurityContext (phContext=0x33362e0) returned 0x0 [0303.907] shutdown (s=0x74c, how=2) returned 0 [0303.907] closesocket (s=0x74c) returned 0 [0303.916] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744166916279) returned 1 [0303.916] SetEvent (hEvent=0x4a8) returned 1 [0303.918] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0303.922] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0303.923] WSAConnect (in: s=0x74c, name=0x33460c4*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0303.934] closesocket (s=0x45c) returned 0 [0303.935] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3346138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3346618, pOutput=0x33465b0, pfContextAttr=0x33464c8, ptsExpiry=0x73ed80 | out: phNewContext=0x3346618, pOutput=0x33465b0, pfContextAttr=0x33464c8, ptsExpiry=0x73ed80) returned 0x90312 [0303.935] FreeContextBuffer (in: pvContextBuffer=0x5726448 | out: pvContextBuffer=0x5726448) returned 0x0 [0303.935] send (s=0x74c, buf=0x334662c*, len=366, flags=0) returned 366 [0303.936] recv (in: s=0x74c, buf=0x334662c, len=5, flags=0 | out: buf=0x334662c*) returned 5 [0303.946] recv (in: s=0x74c, buf=0x3346631, len=59, flags=0 | out: buf=0x3346631*) returned 59 [0303.946] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3346138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3346820, Reserved2=0x0, phNewContext=0x3346618, pOutput=0x3346834, pfContextAttr=0x33464c8, ptsExpiry=0x73ecdc | out: phNewContext=0x3346618, pOutput=0x3346834, pfContextAttr=0x33464c8, ptsExpiry=0x73ecdc) returned 0x90312 [0303.947] recv (in: s=0x74c, buf=0x33468c4, len=5, flags=0 | out: buf=0x33468c4*) returned 5 [0303.947] recv (in: s=0x74c, buf=0x33468dd, len=1, flags=0 | out: buf=0x33468dd*) returned 1 [0303.947] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3346138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3346950, Reserved2=0x0, phNewContext=0x3346618, pOutput=0x3346964, pfContextAttr=0x33464c8, ptsExpiry=0x73ec3c | out: phNewContext=0x3346618, pOutput=0x3346964, pfContextAttr=0x33464c8, ptsExpiry=0x73ec3c) returned 0x90312 [0303.948] recv (in: s=0x74c, buf=0x33469f4, len=5, flags=0 | out: buf=0x33469f4*) returned 5 [0303.948] recv (in: s=0x74c, buf=0x3346a0d, len=40, flags=0 | out: buf=0x3346a0d*) returned 40 [0303.948] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3346138, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3346aa8, Reserved2=0x0, phNewContext=0x3346618, pOutput=0x3346abc, pfContextAttr=0x33464c8, ptsExpiry=0x73eb9c | out: phNewContext=0x3346618, pOutput=0x3346abc, pfContextAttr=0x33464c8, ptsExpiry=0x73eb9c) returned 0x0 [0303.950] FreeContextBuffer (in: pvContextBuffer=0x9b90f0 | out: pvContextBuffer=0x9b90f0) returned 0x0 [0303.950] QueryContextAttributesW (in: phContext=0x3346618, ulAttribute=0x4, pBuffer=0x3346b98 | out: pBuffer=0x3346b98) returned 0x0 [0303.950] QueryContextAttributesW (in: phContext=0x3346618, ulAttribute=0x5a, pBuffer=0x3346bd4 | out: pBuffer=0x3346bd4) returned 0x0 [0303.950] QueryContextAttributesW (in: phContext=0x3346618, ulAttribute=0x53, pBuffer=0x3346c20 | out: pBuffer=0x3346c20) returned 0x0 [0303.951] CertDuplicateCertificateContext (pCertContext=0x9b8c70) returned 0x9b8c70 [0303.952] CertDuplicateStore (hCertStore=0x9bc0d0) returned 0x9bc0d0 [0303.952] CertEnumCertificatesInStore (hCertStore=0x9bc0d0, pPrevCertContext=0x0) returned 0x9b9120 [0303.952] CertDuplicateCertificateContext (pCertContext=0x9b9120) returned 0x9b9120 [0303.952] CertEnumCertificatesInStore (hCertStore=0x9bc0d0, pPrevCertContext=0x9b9120) returned 0x9b8c70 [0303.953] CertDuplicateCertificateContext (pCertContext=0x9b8c70) returned 0x9b8c70 [0303.953] CertEnumCertificatesInStore (hCertStore=0x9bc0d0, pPrevCertContext=0x9b8c70) returned 0x0 [0303.953] CertCloseStore (hCertStore=0x9bc0d0, dwFlags=0x0) returned 1 [0303.953] CertFreeCRLContext (pCrlContext=0x9b8c70) returned 1 [0303.954] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc508 [0303.954] CertAddCRLLinkToStore (in: hCertStore=0x9bc508, pCrlContext=0x9b9120, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.954] CertAddCRLLinkToStore (in: hCertStore=0x9bc508, pCrlContext=0x9b8c70, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0303.955] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e240 [0303.955] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8c70, pTime=0x73ebb0, hAdditionalStore=0x9bc508, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0303.956] LocalFree (hMem=0x99e240) returned 0x0 [0303.959] CertDuplicateCertificateChain (pChainContext=0x9e2710) returned 0x9e2710 [0303.960] CertDuplicateCertificateContext (pCertContext=0x9b8c70) returned 0x9b8c70 [0303.961] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0303.961] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0303.961] CertFreeCertificateChain (pChainContext=0x9e2710) [0303.961] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e2710, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0303.961] SetLastError (dwErrCode=0x0) [0303.962] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e2710, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0303.962] CertFreeCertificateChain (pChainContext=0x9e2710) [0303.962] CertFreeCRLContext (pCrlContext=0x9b8c70) returned 1 [0303.963] EncryptMessage (in: phContext=0x3346618, fQOP=0x0, pMessage=0x3348344, MessageSeqNo=0x0 | out: pMessage=0x3348344) returned 0x0 [0303.963] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0303.963] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3346b44*), (len=0x4f, buf=0x3348260*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0303.964] CoTaskMemFree (pv=0x9f3a80) [0303.964] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0303.964] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.989] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.989] DecryptMessage (in: phContext=0x3346618, pMessage=0x33484c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33484c0, pfQOP=0x0) returned 0x0 [0303.990] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0303.990] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.990] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.990] DecryptMessage (in: phContext=0x3346618, pMessage=0x3349f54, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3349f54, pfQOP=0x0) returned 0x0 [0303.991] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.991] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.991] DecryptMessage (in: phContext=0x3346618, pMessage=0x334ad64, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334ad64, pfQOP=0x0) returned 0x0 [0303.991] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.991] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.992] DecryptMessage (in: phContext=0x3346618, pMessage=0x334bfa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334bfa0, pfQOP=0x0) returned 0x0 [0303.992] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.992] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.992] DecryptMessage (in: phContext=0x3346618, pMessage=0x334c0b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334c0b4, pfQOP=0x0) returned 0x0 [0303.992] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.993] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.993] DecryptMessage (in: phContext=0x3346618, pMessage=0x334e418, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334e418, pfQOP=0x0) returned 0x0 [0303.993] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.993] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.993] DecryptMessage (in: phContext=0x3346618, pMessage=0x334e52c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334e52c, pfQOP=0x0) returned 0x0 [0303.994] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.994] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.994] DecryptMessage (in: phContext=0x3346618, pMessage=0x334e640, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x334e640, pfQOP=0x0) returned 0x0 [0303.994] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.994] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.995] DecryptMessage (in: phContext=0x3346618, pMessage=0x3352bdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3352bdc, pfQOP=0x0) returned 0x0 [0303.995] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.995] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.995] DecryptMessage (in: phContext=0x3346618, pMessage=0x3352cf0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3352cf0, pfQOP=0x0) returned 0x0 [0303.995] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.995] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.996] DecryptMessage (in: phContext=0x3346618, pMessage=0x3352e04, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3352e04, pfQOP=0x0) returned 0x0 [0303.996] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.996] recv (in: s=0x74c, buf=0x2fe1429, len=1393, flags=0 | out: buf=0x2fe1429*) returned 1393 [0303.996] DecryptMessage (in: phContext=0x3346618, pMessage=0x3352f18, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3352f18, pfQOP=0x0) returned 0x0 [0303.996] recv (in: s=0x74c, buf=0x2fe1424, len=5, flags=0 | out: buf=0x2fe1424*) returned 5 [0303.997] recv (in: s=0x74c, buf=0x2fe1429, len=51, flags=0 | out: buf=0x2fe1429*) returned 51 [0303.997] DecryptMessage (in: phContext=0x3346618, pMessage=0x335302c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335302c, pfQOP=0x0) returned 0x0 [0303.997] SetEvent (hEvent=0x4a8) returned 1 [0303.997] QueryContextAttributesW (in: phContext=0x3346618, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0303.998] DeleteSecurityContext (phContext=0x3346618) returned 0x0 [0303.998] shutdown (s=0x74c, how=2) returned 0 [0303.999] closesocket (s=0x74c) returned 0 [0304.008] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744176131969) returned 1 [0304.008] SetEvent (hEvent=0x4a8) returned 1 [0304.010] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0304.013] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0304.013] WSAConnect (in: s=0x74c, name=0x33563fc*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0304.024] closesocket (s=0x45c) returned 0 [0304.026] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3356470, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3356950, pOutput=0x33568e8, pfContextAttr=0x3356800, ptsExpiry=0x73ed80 | out: phNewContext=0x3356950, pOutput=0x33568e8, pfContextAttr=0x3356800, ptsExpiry=0x73ed80) returned 0x90312 [0304.027] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0304.027] send (s=0x74c, buf=0x3356964*, len=366, flags=0) returned 366 [0304.028] recv (in: s=0x74c, buf=0x3356964, len=5, flags=0 | out: buf=0x3356964*) returned 5 [0304.041] recv (in: s=0x74c, buf=0x3356969, len=59, flags=0 | out: buf=0x3356969*) returned 59 [0304.042] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3356470, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3356b58, Reserved2=0x0, phNewContext=0x3356950, pOutput=0x3356b6c, pfContextAttr=0x3356800, ptsExpiry=0x73ecdc | out: phNewContext=0x3356950, pOutput=0x3356b6c, pfContextAttr=0x3356800, ptsExpiry=0x73ecdc) returned 0x90312 [0304.042] recv (in: s=0x74c, buf=0x3356bfc, len=5, flags=0 | out: buf=0x3356bfc*) returned 5 [0304.042] recv (in: s=0x74c, buf=0x3356c15, len=1, flags=0 | out: buf=0x3356c15*) returned 1 [0304.043] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3356470, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3356c88, Reserved2=0x0, phNewContext=0x3356950, pOutput=0x3356c9c, pfContextAttr=0x3356800, ptsExpiry=0x73ec3c | out: phNewContext=0x3356950, pOutput=0x3356c9c, pfContextAttr=0x3356800, ptsExpiry=0x73ec3c) returned 0x90312 [0304.043] recv (in: s=0x74c, buf=0x3356d2c, len=5, flags=0 | out: buf=0x3356d2c*) returned 5 [0304.043] recv (in: s=0x74c, buf=0x3356d45, len=40, flags=0 | out: buf=0x3356d45*) returned 40 [0304.044] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3356470, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3356de0, Reserved2=0x0, phNewContext=0x3356950, pOutput=0x3356df4, pfContextAttr=0x3356800, ptsExpiry=0x73eb9c | out: phNewContext=0x3356950, pOutput=0x3356df4, pfContextAttr=0x3356800, ptsExpiry=0x73eb9c) returned 0x0 [0304.046] FreeContextBuffer (in: pvContextBuffer=0x9b8fb0 | out: pvContextBuffer=0x9b8fb0) returned 0x0 [0304.046] QueryContextAttributesW (in: phContext=0x3356950, ulAttribute=0x4, pBuffer=0x3356ec4 | out: pBuffer=0x3356ec4) returned 0x0 [0304.046] QueryContextAttributesW (in: phContext=0x3356950, ulAttribute=0x5a, pBuffer=0x3356f00 | out: pBuffer=0x3356f00) returned 0x0 [0304.046] QueryContextAttributesW (in: phContext=0x3356950, ulAttribute=0x53, pBuffer=0x3356f4c | out: pBuffer=0x3356f4c) returned 0x0 [0304.047] CertDuplicateCertificateContext (pCertContext=0x9b8c20) returned 0x9b8c20 [0304.048] CertDuplicateStore (hCertStore=0x9bb860) returned 0x9bb860 [0304.048] CertEnumCertificatesInStore (hCertStore=0x9bb860, pPrevCertContext=0x0) returned 0x9b8fe0 [0304.048] CertDuplicateCertificateContext (pCertContext=0x9b8fe0) returned 0x9b8fe0 [0304.048] CertEnumCertificatesInStore (hCertStore=0x9bb860, pPrevCertContext=0x9b8fe0) returned 0x9b8c20 [0304.049] CertDuplicateCertificateContext (pCertContext=0x9b8c20) returned 0x9b8c20 [0304.049] CertEnumCertificatesInStore (hCertStore=0x9bb860, pPrevCertContext=0x9b8c20) returned 0x0 [0304.049] CertCloseStore (hCertStore=0x9bb860, dwFlags=0x0) returned 1 [0304.049] CertFreeCRLContext (pCrlContext=0x9b8c20) returned 1 [0304.054] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc148 [0304.054] CertAddCRLLinkToStore (in: hCertStore=0x9bc148, pCrlContext=0x9b8fe0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.054] CertAddCRLLinkToStore (in: hCertStore=0x9bc148, pCrlContext=0x9b8c20, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.055] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e040 [0304.055] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9b8c20, pTime=0x73ebb0, hAdditionalStore=0x9bc148, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0304.055] LocalFree (hMem=0x99e040) returned 0x0 [0304.056] CertDuplicateCertificateChain (pChainContext=0x9e1a70) returned 0x9e1a70 [0304.056] CertDuplicateCertificateContext (pCertContext=0x9b8c20) returned 0x9b8c20 [0304.057] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0304.058] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0304.058] CertFreeCertificateChain (pChainContext=0x9e1a70) [0304.058] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1a70, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0304.058] SetLastError (dwErrCode=0x0) [0304.058] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1a70, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0304.058] CertFreeCertificateChain (pChainContext=0x9e1a70) [0304.059] CertFreeCRLContext (pCrlContext=0x9b8c20) returned 1 [0304.059] EncryptMessage (in: phContext=0x3356950, fQOP=0x0, pMessage=0x335867c, MessageSeqNo=0x0 | out: pMessage=0x335867c) returned 0x0 [0304.059] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0304.059] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x3356e70*), (len=0x4f, buf=0x3358598*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0304.060] CoTaskMemFree (pv=0x9f3948) [0304.060] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0304.060] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.078] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.078] DecryptMessage (in: phContext=0x3356950, pMessage=0x33587f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33587f8, pfQOP=0x0) returned 0x0 [0304.079] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0304.079] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.079] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.080] DecryptMessage (in: phContext=0x3356950, pMessage=0x335a28c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335a28c, pfQOP=0x0) returned 0x0 [0304.080] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.080] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.080] DecryptMessage (in: phContext=0x3356950, pMessage=0x335b090, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335b090, pfQOP=0x0) returned 0x0 [0304.081] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.081] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.081] DecryptMessage (in: phContext=0x3356950, pMessage=0x335c2d8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335c2d8, pfQOP=0x0) returned 0x0 [0304.083] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.083] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.083] DecryptMessage (in: phContext=0x3356950, pMessage=0x335c3ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335c3ec, pfQOP=0x0) returned 0x0 [0304.083] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.084] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.084] DecryptMessage (in: phContext=0x3356950, pMessage=0x335e750, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335e750, pfQOP=0x0) returned 0x0 [0304.084] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.084] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.084] DecryptMessage (in: phContext=0x3356950, pMessage=0x335e864, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335e864, pfQOP=0x0) returned 0x0 [0304.084] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.085] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.085] DecryptMessage (in: phContext=0x3356950, pMessage=0x335e978, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x335e978, pfQOP=0x0) returned 0x0 [0304.085] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.086] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.086] DecryptMessage (in: phContext=0x3356950, pMessage=0x3362f14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3362f14, pfQOP=0x0) returned 0x0 [0304.086] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.086] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.086] DecryptMessage (in: phContext=0x3356950, pMessage=0x3363028, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363028, pfQOP=0x0) returned 0x0 [0304.086] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.087] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.087] DecryptMessage (in: phContext=0x3356950, pMessage=0x336313c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336313c, pfQOP=0x0) returned 0x0 [0304.087] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.087] recv (in: s=0x74c, buf=0x2fe54ed, len=1393, flags=0 | out: buf=0x2fe54ed*) returned 1393 [0304.087] DecryptMessage (in: phContext=0x3356950, pMessage=0x3363250, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363250, pfQOP=0x0) returned 0x0 [0304.087] recv (in: s=0x74c, buf=0x2fe54e8, len=5, flags=0 | out: buf=0x2fe54e8*) returned 5 [0304.088] recv (in: s=0x74c, buf=0x2fe54ed, len=29, flags=0 | out: buf=0x2fe54ed*) returned 29 [0304.088] DecryptMessage (in: phContext=0x3356950, pMessage=0x3363364, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3363364, pfQOP=0x0) returned 0x0 [0304.088] SetEvent (hEvent=0x4a8) returned 1 [0304.088] QueryContextAttributesW (in: phContext=0x3356950, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0304.089] DeleteSecurityContext (phContext=0x3356950) returned 0x0 [0304.090] shutdown (s=0x74c, how=2) returned 0 [0304.090] closesocket (s=0x74c) returned 0 [0304.098] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744185098743) returned 1 [0304.098] SetEvent (hEvent=0x4a8) returned 1 [0304.100] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0304.101] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0304.103] WSAConnect (in: s=0x74c, name=0x3366748*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0304.115] closesocket (s=0x45c) returned 0 [0304.116] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x33667a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3366c88, pOutput=0x3366c20, pfContextAttr=0x3366b38, ptsExpiry=0x73ed80 | out: phNewContext=0x3366c88, pOutput=0x3366c20, pfContextAttr=0x3366b38, ptsExpiry=0x73ed80) returned 0x90312 [0304.117] FreeContextBuffer (in: pvContextBuffer=0x5725fb0 | out: pvContextBuffer=0x5725fb0) returned 0x0 [0304.117] send (s=0x74c, buf=0x3366c9c*, len=366, flags=0) returned 366 [0304.117] recv (in: s=0x74c, buf=0x3366c9c, len=5, flags=0 | out: buf=0x3366c9c*) returned 5 [0304.130] recv (in: s=0x74c, buf=0x3366ca1, len=59, flags=0 | out: buf=0x3366ca1*) returned 59 [0304.131] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x33667a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3366e90, Reserved2=0x0, phNewContext=0x3366c88, pOutput=0x3366ea4, pfContextAttr=0x3366b38, ptsExpiry=0x73ecdc | out: phNewContext=0x3366c88, pOutput=0x3366ea4, pfContextAttr=0x3366b38, ptsExpiry=0x73ecdc) returned 0x90312 [0304.131] recv (in: s=0x74c, buf=0x3366f34, len=5, flags=0 | out: buf=0x3366f34*) returned 5 [0304.131] recv (in: s=0x74c, buf=0x3366f4d, len=1, flags=0 | out: buf=0x3366f4d*) returned 1 [0304.132] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x33667a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3366fc0, Reserved2=0x0, phNewContext=0x3366c88, pOutput=0x3366fd4, pfContextAttr=0x3366b38, ptsExpiry=0x73ec3c | out: phNewContext=0x3366c88, pOutput=0x3366fd4, pfContextAttr=0x3366b38, ptsExpiry=0x73ec3c) returned 0x90312 [0304.132] recv (in: s=0x74c, buf=0x3367064, len=5, flags=0 | out: buf=0x3367064*) returned 5 [0304.132] recv (in: s=0x74c, buf=0x336707d, len=40, flags=0 | out: buf=0x336707d*) returned 40 [0304.133] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x33667a8, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3367118, Reserved2=0x0, phNewContext=0x3366c88, pOutput=0x336712c, pfContextAttr=0x3366b38, ptsExpiry=0x73eb9c | out: phNewContext=0x3366c88, pOutput=0x336712c, pfContextAttr=0x3366b38, ptsExpiry=0x73eb9c) returned 0x0 [0304.134] FreeContextBuffer (in: pvContextBuffer=0x9df028 | out: pvContextBuffer=0x9df028) returned 0x0 [0304.134] QueryContextAttributesW (in: phContext=0x3366c88, ulAttribute=0x4, pBuffer=0x33671fc | out: pBuffer=0x33671fc) returned 0x0 [0304.135] QueryContextAttributesW (in: phContext=0x3366c88, ulAttribute=0x5a, pBuffer=0x3367238 | out: pBuffer=0x3367238) returned 0x0 [0304.135] QueryContextAttributesW (in: phContext=0x3366c88, ulAttribute=0x53, pBuffer=0x3367284 | out: pBuffer=0x3367284) returned 0x0 [0304.135] CertDuplicateCertificateContext (pCertContext=0x9dece8) returned 0x9dece8 [0304.136] CertDuplicateStore (hCertStore=0x9bc1c0) returned 0x9bc1c0 [0304.136] CertEnumCertificatesInStore (hCertStore=0x9bc1c0, pPrevCertContext=0x0) returned 0x9df2d8 [0304.137] CertDuplicateCertificateContext (pCertContext=0x9df2d8) returned 0x9df2d8 [0304.137] CertEnumCertificatesInStore (hCertStore=0x9bc1c0, pPrevCertContext=0x9df2d8) returned 0x9dece8 [0304.137] CertDuplicateCertificateContext (pCertContext=0x9dece8) returned 0x9dece8 [0304.137] CertEnumCertificatesInStore (hCertStore=0x9bc1c0, pPrevCertContext=0x9dece8) returned 0x0 [0304.137] CertCloseStore (hCertStore=0x9bc1c0, dwFlags=0x0) returned 1 [0304.138] CertFreeCRLContext (pCrlContext=0x9dece8) returned 1 [0304.139] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bb8d8 [0304.139] CertAddCRLLinkToStore (in: hCertStore=0x9bb8d8, pCrlContext=0x9df2d8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.139] CertAddCRLLinkToStore (in: hCertStore=0x9bb8d8, pCrlContext=0x9dece8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.140] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e240 [0304.140] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9dece8, pTime=0x73ebb0, hAdditionalStore=0x9bb8d8, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0304.141] LocalFree (hMem=0x99e240) returned 0x0 [0304.141] CertDuplicateCertificateChain (pChainContext=0x9e1d98) returned 0x9e1d98 [0304.141] CertDuplicateCertificateContext (pCertContext=0x9dece8) returned 0x9dece8 [0304.142] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0304.143] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0304.143] CertFreeCertificateChain (pChainContext=0x9e1d98) [0304.143] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e1d98, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0304.143] SetLastError (dwErrCode=0x0) [0304.143] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e1d98, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0304.143] CertFreeCertificateChain (pChainContext=0x9e1d98) [0304.144] CertFreeCRLContext (pCrlContext=0x9dece8) returned 1 [0304.144] EncryptMessage (in: phContext=0x3366c88, fQOP=0x0, pMessage=0x33689b4, MessageSeqNo=0x0 | out: pMessage=0x33689b4) returned 0x0 [0304.145] CoTaskMemAlloc (cb=0x10) returned 0x9f3948 [0304.145] WSASend (in: s=0x74c, lpBuffers=0x9f3948*=((len=0x33, buf=0x33671a8*), (len=0x4f, buf=0x33688d0*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0304.145] CoTaskMemFree (pv=0x9f3948) [0304.145] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0304.146] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.159] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.160] DecryptMessage (in: phContext=0x3366c88, pMessage=0x3368b30, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3368b30, pfQOP=0x0) returned 0x0 [0304.161] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0304.161] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.161] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.161] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336a5c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336a5c4, pfQOP=0x0) returned 0x0 [0304.161] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.162] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.162] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336b3c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336b3c8, pfQOP=0x0) returned 0x0 [0304.162] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.162] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.162] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336c610, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336c610, pfQOP=0x0) returned 0x0 [0304.163] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.163] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.163] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336c724, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336c724, pfQOP=0x0) returned 0x0 [0304.163] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.164] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.164] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336ea88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336ea88, pfQOP=0x0) returned 0x0 [0304.164] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.164] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.164] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336eb9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336eb9c, pfQOP=0x0) returned 0x0 [0304.164] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.165] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.165] DecryptMessage (in: phContext=0x3366c88, pMessage=0x336ecb0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x336ecb0, pfQOP=0x0) returned 0x0 [0304.165] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.165] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.166] DecryptMessage (in: phContext=0x3366c88, pMessage=0x337324c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337324c, pfQOP=0x0) returned 0x0 [0304.166] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.166] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.166] DecryptMessage (in: phContext=0x3366c88, pMessage=0x3373360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3373360, pfQOP=0x0) returned 0x0 [0304.166] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.166] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.167] DecryptMessage (in: phContext=0x3366c88, pMessage=0x3373474, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3373474, pfQOP=0x0) returned 0x0 [0304.167] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.167] recv (in: s=0x74c, buf=0x2fc1269, len=1393, flags=0 | out: buf=0x2fc1269*) returned 1393 [0304.167] DecryptMessage (in: phContext=0x3366c88, pMessage=0x3373588, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3373588, pfQOP=0x0) returned 0x0 [0304.167] recv (in: s=0x74c, buf=0x2fc1264, len=5, flags=0 | out: buf=0x2fc1264*) returned 5 [0304.167] recv (in: s=0x74c, buf=0x2fc1269, len=51, flags=0 | out: buf=0x2fc1269*) returned 51 [0304.168] DecryptMessage (in: phContext=0x3366c88, pMessage=0x337369c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337369c, pfQOP=0x0) returned 0x0 [0304.168] SetEvent (hEvent=0x4a8) returned 1 [0304.168] QueryContextAttributesW (in: phContext=0x3366c88, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0304.168] DeleteSecurityContext (phContext=0x3366c88) returned 0x0 [0304.169] shutdown (s=0x74c, how=2) returned 0 [0304.170] closesocket (s=0x74c) returned 0 [0304.178] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744193143245) returned 1 [0304.178] SetEvent (hEvent=0x4a8) returned 1 [0304.180] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0304.183] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0304.183] WSAConnect (in: s=0x74c, name=0x3376a80*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0304.194] closesocket (s=0x45c) returned 0 [0304.195] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3376ae0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x3376fc0, pOutput=0x3376f58, pfContextAttr=0x3376e70, ptsExpiry=0x73ed80 | out: phNewContext=0x3376fc0, pOutput=0x3376f58, pfContextAttr=0x3376e70, ptsExpiry=0x73ed80) returned 0x90312 [0304.196] FreeContextBuffer (in: pvContextBuffer=0x57268e0 | out: pvContextBuffer=0x57268e0) returned 0x0 [0304.196] send (s=0x74c, buf=0x3376fd4*, len=366, flags=0) returned 366 [0304.196] recv (in: s=0x74c, buf=0x3376fd4, len=5, flags=0 | out: buf=0x3376fd4*) returned 5 [0304.211] recv (in: s=0x74c, buf=0x3376fd9, len=59, flags=0 | out: buf=0x3376fd9*) returned 59 [0304.211] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3376ae0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33771c8, Reserved2=0x0, phNewContext=0x3376fc0, pOutput=0x33771dc, pfContextAttr=0x3376e70, ptsExpiry=0x73ecdc | out: phNewContext=0x3376fc0, pOutput=0x33771dc, pfContextAttr=0x3376e70, ptsExpiry=0x73ecdc) returned 0x90312 [0304.212] recv (in: s=0x74c, buf=0x337726c, len=5, flags=0 | out: buf=0x337726c*) returned 5 [0304.212] recv (in: s=0x74c, buf=0x3377285, len=1, flags=0 | out: buf=0x3377285*) returned 1 [0304.212] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3376ae0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x33772f8, Reserved2=0x0, phNewContext=0x3376fc0, pOutput=0x337730c, pfContextAttr=0x3376e70, ptsExpiry=0x73ec3c | out: phNewContext=0x3376fc0, pOutput=0x337730c, pfContextAttr=0x3376e70, ptsExpiry=0x73ec3c) returned 0x90312 [0304.213] recv (in: s=0x74c, buf=0x337739c, len=5, flags=0 | out: buf=0x337739c*) returned 5 [0304.213] recv (in: s=0x74c, buf=0x33773b5, len=40, flags=0 | out: buf=0x33773b5*) returned 40 [0304.213] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3376ae0, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3377450, Reserved2=0x0, phNewContext=0x3376fc0, pOutput=0x3377464, pfContextAttr=0x3376e70, ptsExpiry=0x73eb9c | out: phNewContext=0x3376fc0, pOutput=0x3377464, pfContextAttr=0x3376e70, ptsExpiry=0x73eb9c) returned 0x0 [0304.215] FreeContextBuffer (in: pvContextBuffer=0x9df2f8 | out: pvContextBuffer=0x9df2f8) returned 0x0 [0304.215] QueryContextAttributesW (in: phContext=0x3376fc0, ulAttribute=0x4, pBuffer=0x3377534 | out: pBuffer=0x3377534) returned 0x0 [0304.215] QueryContextAttributesW (in: phContext=0x3376fc0, ulAttribute=0x5a, pBuffer=0x3377570 | out: pBuffer=0x3377570) returned 0x0 [0304.215] QueryContextAttributesW (in: phContext=0x3376fc0, ulAttribute=0x53, pBuffer=0x33775bc | out: pBuffer=0x33775bc) returned 0x0 [0304.216] CertDuplicateCertificateContext (pCertContext=0x9deb08) returned 0x9deb08 [0304.217] CertDuplicateStore (hCertStore=0x9bb6f8) returned 0x9bb6f8 [0304.217] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x0) returned 0x9deec8 [0304.217] CertDuplicateCertificateContext (pCertContext=0x9deec8) returned 0x9deec8 [0304.217] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x9deec8) returned 0x9deb08 [0304.218] CertDuplicateCertificateContext (pCertContext=0x9deb08) returned 0x9deb08 [0304.218] CertEnumCertificatesInStore (hCertStore=0x9bb6f8, pPrevCertContext=0x9deb08) returned 0x0 [0304.218] CertCloseStore (hCertStore=0x9bb6f8, dwFlags=0x0) returned 1 [0304.218] CertFreeCRLContext (pCrlContext=0x9deb08) returned 1 [0304.219] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc3a0 [0304.219] CertAddCRLLinkToStore (in: hCertStore=0x9bc3a0, pCrlContext=0x9deec8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.220] CertAddCRLLinkToStore (in: hCertStore=0x9bc3a0, pCrlContext=0x9deb08, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.220] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e0a0 [0304.220] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9deb08, pTime=0x73ebb0, hAdditionalStore=0x9bc3a0, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0304.221] LocalFree (hMem=0x99e0a0) returned 0x0 [0304.221] CertDuplicateCertificateChain (pChainContext=0x9e33b0) returned 0x9e33b0 [0304.222] CertDuplicateCertificateContext (pCertContext=0x9deb08) returned 0x9deb08 [0304.225] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0304.225] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0304.225] CertFreeCertificateChain (pChainContext=0x9e33b0) [0304.225] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e33b0, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0304.225] SetLastError (dwErrCode=0x0) [0304.226] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e33b0, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0304.226] CertFreeCertificateChain (pChainContext=0x9e33b0) [0304.226] CertFreeCRLContext (pCrlContext=0x9deb08) returned 1 [0304.226] EncryptMessage (in: phContext=0x3376fc0, fQOP=0x0, pMessage=0x3378cec, MessageSeqNo=0x0 | out: pMessage=0x3378cec) returned 0x0 [0304.226] CoTaskMemAlloc (cb=0x10) returned 0x9f3ac8 [0304.227] WSASend (in: s=0x74c, lpBuffers=0x9f3ac8*=((len=0x33, buf=0x33774e0*), (len=0x4f, buf=0x3378c08*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0304.227] CoTaskMemFree (pv=0x9f3ac8) [0304.227] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0304.227] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.247] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.247] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x3378e68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3378e68, pfQOP=0x0) returned 0x0 [0304.247] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0304.248] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.248] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.248] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337a8fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337a8fc, pfQOP=0x0) returned 0x0 [0304.248] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.248] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.248] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337b700, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337b700, pfQOP=0x0) returned 0x0 [0304.249] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.249] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.249] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337c948, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337c948, pfQOP=0x0) returned 0x0 [0304.249] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.249] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.249] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337ca5c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337ca5c, pfQOP=0x0) returned 0x0 [0304.250] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.250] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.250] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337edc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337edc0, pfQOP=0x0) returned 0x0 [0304.250] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.250] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.250] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337eed4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337eed4, pfQOP=0x0) returned 0x0 [0304.250] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.250] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.251] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x337efe8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x337efe8, pfQOP=0x0) returned 0x0 [0304.251] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.251] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.251] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x3383584, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3383584, pfQOP=0x0) returned 0x0 [0304.251] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.251] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.252] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x3383698, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x3383698, pfQOP=0x0) returned 0x0 [0304.252] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.252] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.252] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x33837ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33837ac, pfQOP=0x0) returned 0x0 [0304.252] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.252] recv (in: s=0x74c, buf=0x2fb1189, len=1393, flags=0 | out: buf=0x2fb1189*) returned 1393 [0304.252] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x33838c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33838c0, pfQOP=0x0) returned 0x0 [0304.253] recv (in: s=0x74c, buf=0x2fb1184, len=5, flags=0 | out: buf=0x2fb1184*) returned 5 [0304.253] recv (in: s=0x74c, buf=0x2fb1189, len=51, flags=0 | out: buf=0x2fb1189*) returned 51 [0304.255] DecryptMessage (in: phContext=0x3376fc0, pMessage=0x33839d4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33839d4, pfQOP=0x0) returned 0x0 [0304.255] SetEvent (hEvent=0x4a8) returned 1 [0304.255] QueryContextAttributesW (in: phContext=0x3376fc0, ulAttribute=0x1a, pBuffer=0x73eeec | out: pBuffer=0x73eeec) returned 0x0 [0304.255] DeleteSecurityContext (phContext=0x3376fc0) returned 0x0 [0304.256] shutdown (s=0x74c, how=2) returned 0 [0304.257] closesocket (s=0x74c) returned 0 [0304.262] QueryPerformanceCounter (in: lpPerformanceCount=0x73f344 | out: lpPerformanceCount=0x73f344*=2744201553160) returned 1 [0304.263] SetEvent (hEvent=0x4a8) returned 1 [0304.265] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x74c [0304.265] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x45c [0304.268] WSAConnect (in: s=0x74c, name=0x3386db8*(sa_family=2, sin_port=0x1bb, sin_addr="104.20.67.143"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0304.303] closesocket (s=0x45c) returned 0 [0304.304] InitializeSecurityContextW (in: phCredential=0x73ed88, phContext=0x0, pTargetName=0x3386e18, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x33872f8, pOutput=0x3387290, pfContextAttr=0x33871a8, ptsExpiry=0x73ed80 | out: phNewContext=0x33872f8, pOutput=0x3387290, pfContextAttr=0x33871a8, ptsExpiry=0x73ed80) returned 0x90312 [0304.305] FreeContextBuffer (in: pvContextBuffer=0x5725ca0 | out: pvContextBuffer=0x5725ca0) returned 0x0 [0304.305] send (s=0x74c, buf=0x338730c*, len=366, flags=0) returned 366 [0304.306] recv (in: s=0x74c, buf=0x338730c, len=5, flags=0 | out: buf=0x338730c*) returned 5 [0304.318] recv (in: s=0x74c, buf=0x3387311, len=59, flags=0 | out: buf=0x3387311*) returned 59 [0304.319] InitializeSecurityContextW (in: phCredential=0x73ece4, phContext=0x73ecd4, pTargetName=0x3386e18, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3387500, Reserved2=0x0, phNewContext=0x33872f8, pOutput=0x3387514, pfContextAttr=0x33871a8, ptsExpiry=0x73ecdc | out: phNewContext=0x33872f8, pOutput=0x3387514, pfContextAttr=0x33871a8, ptsExpiry=0x73ecdc) returned 0x90312 [0304.319] recv (in: s=0x74c, buf=0x33875a4, len=5, flags=0 | out: buf=0x33875a4*) returned 5 [0304.319] recv (in: s=0x74c, buf=0x33875bd, len=1, flags=0 | out: buf=0x33875bd*) returned 1 [0304.319] InitializeSecurityContextW (in: phCredential=0x73ec44, phContext=0x73ec34, pTargetName=0x3386e18, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3387630, Reserved2=0x0, phNewContext=0x33872f8, pOutput=0x3387644, pfContextAttr=0x33871a8, ptsExpiry=0x73ec3c | out: phNewContext=0x33872f8, pOutput=0x3387644, pfContextAttr=0x33871a8, ptsExpiry=0x73ec3c) returned 0x90312 [0304.320] recv (in: s=0x74c, buf=0x33876d4, len=5, flags=0 | out: buf=0x33876d4*) returned 5 [0304.320] recv (in: s=0x74c, buf=0x33876ed, len=40, flags=0 | out: buf=0x33876ed*) returned 40 [0304.320] InitializeSecurityContextW (in: phCredential=0x73eba4, phContext=0x73eb94, pTargetName=0x3386e18, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x3387788, Reserved2=0x0, phNewContext=0x33872f8, pOutput=0x338779c, pfContextAttr=0x33871a8, ptsExpiry=0x73eb9c | out: phNewContext=0x33872f8, pOutput=0x338779c, pfContextAttr=0x33871a8, ptsExpiry=0x73eb9c) returned 0x0 [0304.321] FreeContextBuffer (in: pvContextBuffer=0x9def88 | out: pvContextBuffer=0x9def88) returned 0x0 [0304.321] QueryContextAttributesW (in: phContext=0x33872f8, ulAttribute=0x4, pBuffer=0x338786c | out: pBuffer=0x338786c) returned 0x0 [0304.321] QueryContextAttributesW (in: phContext=0x33872f8, ulAttribute=0x5a, pBuffer=0x33878a8 | out: pBuffer=0x33878a8) returned 0x0 [0304.322] QueryContextAttributesW (in: phContext=0x33872f8, ulAttribute=0x53, pBuffer=0x33878f4 | out: pBuffer=0x33878f4) returned 0x0 [0304.322] CertDuplicateCertificateContext (pCertContext=0x9dea18) returned 0x9dea18 [0304.323] CertDuplicateStore (hCertStore=0x9bc328) returned 0x9bc328 [0304.323] CertEnumCertificatesInStore (hCertStore=0x9bc328, pPrevCertContext=0x0) returned 0x9dec48 [0304.324] CertDuplicateCertificateContext (pCertContext=0x9dec48) returned 0x9dec48 [0304.324] CertEnumCertificatesInStore (hCertStore=0x9bc328, pPrevCertContext=0x9dec48) returned 0x9dea18 [0304.324] CertDuplicateCertificateContext (pCertContext=0x9dea18) returned 0x9dea18 [0304.324] CertEnumCertificatesInStore (hCertStore=0x9bc328, pPrevCertContext=0x9dea18) returned 0x0 [0304.324] CertCloseStore (hCertStore=0x9bc328, dwFlags=0x0) returned 1 [0304.325] CertFreeCRLContext (pCrlContext=0x9dea18) returned 1 [0304.326] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x9bc418 [0304.326] CertAddCRLLinkToStore (in: hCertStore=0x9bc418, pCrlContext=0x9dec48, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.326] CertAddCRLLinkToStore (in: hCertStore=0x9bc418, pCrlContext=0x9dea18, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0304.327] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x99e1c0 [0304.327] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x9dea18, pTime=0x73ebb0, hAdditionalStore=0x9bc418, pChainPara=0x73eaf0, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x73eae4 | out: ppChainContext=0x73eae4) returned 1 [0304.328] LocalFree (hMem=0x99e1c0) returned 0x0 [0304.328] CertDuplicateCertificateChain (pChainContext=0x9e23e8) returned 0x9e23e8 [0304.328] CertDuplicateCertificateContext (pCertContext=0x9dea18) returned 0x9dea18 [0304.329] CertDuplicateCertificateContext (pCertContext=0x9fd478) returned 0x9fd478 [0304.330] CertDuplicateCertificateContext (pCertContext=0x9fd1f8) returned 0x9fd1f8 [0304.330] CertFreeCertificateChain (pChainContext=0x9e23e8) [0304.330] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x9e23e8, pPolicyPara=0x73ec90, pPolicyStatus=0x73ec7c | out: pPolicyStatus=0x73ec7c) returned 1 [0304.330] SetLastError (dwErrCode=0x0) [0304.330] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x9e23e8, pPolicyPara=0x73ecf0, pPolicyStatus=0x73eca4 | out: pPolicyStatus=0x73eca4) returned 1 [0304.331] CertFreeCertificateChain (pChainContext=0x9e23e8) [0304.451] CertFreeCRLContext (pCrlContext=0x9dea18) returned 1 [0304.452] EncryptMessage (in: phContext=0x33872f8, fQOP=0x0, pMessage=0x3389024, MessageSeqNo=0x0 | out: pMessage=0x3389024) returned 0x0 [0304.452] CoTaskMemAlloc (cb=0x10) returned 0x9f3a80 [0304.452] WSASend (in: s=0x74c, lpBuffers=0x9f3a80*=((len=0x33, buf=0x3387818*), (len=0x4f, buf=0x3388f40*)), dwBufferCount=0x2, lpNumberOfBytesSent=0x73efec, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x73efec*=0x82, lpOverlapped=0x0) returned 0 [0304.453] CoTaskMemFree (pv=0x9f3a80) [0304.453] setsockopt (s=0x74c, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0304.453] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0304.469] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0304.469] DecryptMessage (in: phContext=0x33872f8, pMessage=0x33891a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x33891a0, pfQOP=0x0) returned 0x0 [0304.470] setsockopt (s=0x74c, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0304.470] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0304.470] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0304.470] DecryptMessage (in: phContext=0x33872f8, pMessage=0x338ac34, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x338ac34, pfQOP=0x0) returned 0x0 [0304.471] recv (in: s=0x74c, buf=0x2f86064, len=5, flags=0 | out: buf=0x2f86064*) returned 5 [0304.471] recv (in: s=0x74c, buf=0x2f86069, len=1393, flags=0 | out: buf=0x2f86069*) returned 1393 [0304.471] DecryptMessage (in: phContext=0x33872f8, pMessage=0x338ba38, MessageSeqNo=0x0,